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INTRODUCTION 


In Unit 4 we described the formal language we shall be using in the 
remainder of the course. We also introduced the idea of an interpretation. 
Now we introduce the notion of a formal proof of a formula of our formal 
language. We want to specify when we can derive or prove a given formula 
from other formulas used as assumptions. 

A formal proof of a formula if from formulas (j) 1 , cp 2 ,..., (p k used as 
assumptions is a list of formulas constructed as follows. We begin by listing 
the formulas (p x , (p 2 ..., <p k ■ We describe nine logical rules of proof that tell 
us which other formulas we can add to the list. For example, one rule, called 
the Tautology Rule , tells us that if a formula 9 is a tautological consequence 
of formulas already in the list, then 6 may be added to the list. If we can 
produce a list of formulas constructed from the assumptions using the rules 
and which ends with the formula ip, then we have derived ip from 

< p 1 ,4>2 • ■ ■ ,4>k- 

An obvious requirement for formal proofs is that they should be logically 
valid, in the sense made precise in Subsection 3.3 of Unit 4■ if we derive a 
formula ip from formulas <p 1 , <p 2 ■ ■ ■, 4>k , then ip should be a logical 
consequence of (p 1 , (p 2 ■ ■ ■ , <p k , that is, we require that ip should be true in 
every interpretation in which all of the formulas <p x , (p 2 ■ ■ ■ ■, <Pk are true. A 
second requirement is that there should be an algorithm for deciding 
whether a given list of formulas is a formal proof, so that this can be 
checked by a machine. 

In this unit, we introduce seven of the rules of proof. We shall complete the 
list of the logical rules of our formal system and start looking at how to use 
it to prove statements about number theory in Unit 6. 


1 FIRST STEPS 


We shall begin this section by examining an informal proof from everyday 
mathematics to see the way in which it might be formalized. Then we shall 
introduce our first three rules of proof. 


1.1 Mathematical proof 

In the Introduction to Unit 4 we remarked that, whereas in everyday 
mathematics we do not state explicitly which logical principles we are using, 
in a formal system the rules that can be used in carrying out deductions are 
stated explicitly. Before we describe, in this unit and the next, the rules that 
we are going to allow, we need to think about the nature of an informal 
mathematical proof. Our intention is that our precisely defined notion of 
formal proof should correspond as closely as possible to the informal notion 
used by mathematicians. 


We shall often call a proof within 
our formal system a derivation and 
use the word derive to describe the 
process of giving such a proof. 
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Since the informal notion is not absolutely precise, we cannot hope to give 
an exact definition, but we feel that there would not be too much 
disagreement with the following description. 

A mathematical proof is a finite sequence of mathematical assertions 
which forms a valid and convincing argument for the desired conclusion 
from stated assumptions. 

In this description ‘finite sequence’ means that the finitely many assertions 
are in some definite order, with a beginning and an end. ‘Valid’ means that 
the conclusion does really follow from the stated assumptions, that is, the 
conclusion is a logical consequence of the assumptions. It is because proofs 
are valid arguments that, when we have proved something, we know it is 
true, given that the assumptions are true. 

The validity of an argument is a matter of logical fact; in contrast, 
‘convincing’ is a psychological notion. From our point of view this is 
unsatisfactory. We want it to be a matter of objective fact that a sequence 
of assertions counts as a formal proof. Each step should be checkable by 
another mathematician working in a mechanical way. Indeed, we require 
that there is an algorithm to decide whether or not a sequence of formulas 
satisfies the requirements of being a formal proof, so that it can be checked 
by a machine. 

As we want formal proofs to correspond to the proofs we use in everyday 
mathematics, let us look at such a proof to see how it can be reorganized to 
bring out its logical structure. The example we have chosen comes from the 
beginnings of number theory. 

Theorem 

If the square of a natural number is even, then the number itself is even. 

Proof 

Assume n 2 is even. Next assume that n is odd. Then, by definition, there is 
a natural number k such that n = 2k + 1. Hence n 2 = (2k + l) 2 . But 
(2k + l) 2 = 4fc 2 + Ak + 1 = 2(2 k 2 + 2k) + 1, so n 2 = 2(2 k 2 + 2k) + 1. This 
shows that n 2 is odd, so is not even, contradicting our initial assumption. 
Hence n cannot be odd, so n is even. ■ 

The above is a perfectly good and correct everyday proof. It is not, however, 
in the best form for a machine to check that it is indeed correct. Apart from 
not being written in a formal language, the proof leaves unsaid much of the 
justification of the steps that it uses. For instance, when we write 
‘n 2 = (2k + l) 2 . But (2k + l) 2 = 4fc 2 + 4k + 1 = 2(2 k 2 + 2k) + 1, so 
n 2 = 2(2fc 2 + 2k) + 1’, we axe assuming familiarity with the rule that allows 
us to deduce that a = c from the equations a — b and b = c between natural 
numbers a, b and c. Of course, in everyday mathematics it is perfectly 
reasonable to assume that a reader will take this for granted. A machine, 
however, cannot take it for granted; a machine needs the rule and the use of 
the rule to be spelled out. 

Thus, as a first step towards our description of a formal proof, let us rewrite 
the proof above in a different format. First, we shall use a separate line for 
each assertion made in the argument, for convenience changing the words in 
places. Second, we shall give each line a number corresponding to the 
position of the line in the sequence of assertions. Next, to the right of each 
assertion we shall write down the justification for that assertion and, as this 
justification will often be in terms of earlier assertions, the line numbering is 
particularly useful here. Our rewritten proof is as follows. 


We shall sometimes use ‘valid’ as 
shorthand for ‘logically valid’. 


This is, of course, quite common 
practice in mathematics, for 
instance when one wishes to refer 
to important equations. 
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Second version of the proof 


2 number 

Assertion 

Justification 

(1) 

n 2 is even 

Assumption 

(2) 

n is odd 

Assumption 

(3) 

For some number k, 

From 2 using the 


n = 2k + 1 

definition of ‘odd’ 

(4) 

n 2 = (2k + l) 2 

From 3 

(5) 

(2k + l) 2 = 4A: 2 + 4fc + 1 1 

Algebraic 

(6) 

4fc 2 + 4/c + 1 = 2(2k 2 + 2k) + l J 

manipulations 

(7) 

(2k + l) 2 = 2(2 k 2 + 2k) + l 

From 5 and 6 

(8) 

n 2 = 2(2 k 2 + 2k) + 1 

From 4 and 7 

(9) 

For some number l , 

From 8 putting 


n 2 = 21 + 1 

l = 2k 2 + 2k 

(10) 

n 2 is odd 

From 9, by the 
definition of ‘odd’ 

(11) 

n 2 is odd and n 2 is even 

From 10 and 1 

(12) 

n is not odd 

From 11, using 
‘proof by contradiction’ 

(13) 

n is even 

From 12 

(14) 

n 2 is even implies n is even 

13 has been deduced 
from 1 


The way that this layout separates the assertions from their justifications, 
that is, the rules used to arrive at the assertions from previous ones, is a 
feature that we shall build into our idea of a formal proof. A formal proof 
will consist of a sequence of assertions, each of which is accompanied by a 
reference to the rule by which it was derived from previous assertions. 

It seems that in our informal proof we are using a large number of different 
rules for deriving assertions. We shall see in this unit and Unit 6 that, for 
formal proofs, we can get by with just nine rules. Before we start looking at 
these rules there is one simple, but important, refinement that we make to 
the format of our proof. 

Most proofs, formal and informal, contain assertions that are, in fact, 
assumptions, such as lines 1 and 2 in the proof above. Various conclusions 
are drawn from these assumptions. For example, at line 10 we have 
concluded from the assumption that ‘n is odd’ that ‘n 2 is odd’, which has 
led us in line 11 to conclude from the assumption that ‘n 2 is even’ that ‘n 2 is 
odd and n 2 is even’, giving us a contradiction. We concluded that it cannot 
be the case that both initial assumptions are simultaneously true. It was 
relatively easy to see in this proof that both initial assumptions were used in 
deriving the contradictory assertion at line 11, which in turn enabled us to 
conclude that both assumptions cannot hold simultaneously. In other proofs 
it may not be so easy, and yet it is important to know which assumptions 
are implicit in any given assertion. To this end, it is going to be very helpful 
to keep a record, on each line of the proof, of which assumptions have been 
used in deriving the assertion on that line. 

Keeping track of which assumptions have been used to derive the assertion 
on a particular line is not too difficult. For example, if in the above proof we 
look at the justification for line 8, we see this line has been deduced from 
lines 4 and 7. Now line 4 follows from line 3 which, in turn, has been 
deduced from the assumption on line 2, which depends on nothing earlier in 
the proof. Also line 7 follows from lines 5 and 6, which are justified by 
simple algebraic properties of the natural numbers (such as the distributive 
law, the commutative law and so on). Let us write AP for the algebraic 
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properties used here; they are not really our main concern at this stage, 
although in a deeper analysis of this proof one would have to investigate 
exactly which of these properties are being used. Thus we see that the 
assertion on line 8 depends ultimately on the assumption on line 2 and AP. 
We usually express this by saying that the assumptions in force on line 8 are 
line 2 and AP, or that line 8 depends on the assumptions 2 and AP. We are 
going to indicate this by writing ‘2, AP’ to the left of the line number. If we 
indicate the assumptions in force on each line in this way, we obtain the 
following version of our proof. 


Third version of the proof 


Assumptions 

Line number 

Assertion 

Justification 

1 

(1) 

n 2 is even 

Assumption 

2 

(2) 

n is odd 

Assumption 

2 

(3) 

For some number k , 
n = 2k + 1 

From 2 using the 
definition of ‘odd’ 

2 

(4) 

n 2 = (2k + l) 2 

From 3 

AP 

(5) 

(2k + l) 2 = 4fc 2 + 4k + 1 1 

Algebraic 

AP 

(6) 

4/c 2 + 4/c + 1 = 2(2 k 2 + 2k) + l j 

manipulations 

AP 

(7) 

(2k + l) 2 = 2(2 k 2 + 2k) + l 

From 5 and 6 

2, AP 

(8) 

n 2 = 2(2 k 2 + 2k) + l 

From 4 and 7 

2, AP 

(9) 

For some number l, 
n 2 = 21 + 1 

From 8 putting 
l = 2k 2 + 2k 

2, AP 

(10) 

n 2 is odd 

From 9, by the 
definition of ‘odd’ 

1,2,AP 

(11) 

n 2 is odd and n 2 is even 

From 10 and 1 

1, AP 

(12) 

n is not odd 

From 11 using 
‘proof by contradiction’ 

1, AP 

(13) 

n is even 

From 12 

AP 

(14) 

n 2 is even implies n is even 

13 has been deduced 
from 1 


We have written the number 1 at the extreme left of line 1 because the 
assertion ‘n 2 is even’ is an assumption and so naturally the assumption in 
force on line 1 is just the assertion that occurs there. Similarly the 
assumption in force on line 2 is just the assertion on this line. To find the 
assumptions in force on line 3, we look at the justification for this line. We 
see that line 3 follows from line 2 and so depends on the same assumptions 
as line 2. So we write the number 2 to the left of line 3. Similarly line 4 
follows from line 3, and so depends on the same assumptions that line 3 
depends on. Since the only assumption in force on line 3 is the one on line 2, 
we write the number 2 to the left of line 4. 

We carry on in this way, keeping track of the assumptions in force on each 
line. We leave it to you to verify that the details written to the left of lines 5 
to 10 correspond to the assumptions in force on those lines. 

When it comes to line 11, we see that this line follows from lines 10 and 1. 
So the assumptions in force on this line are all those in force on line 10, 
namely 2, AP, together with the assumption in force on line 1, namely 1. 
Thus we have written 1,2, AP to the left of the line 11 to indicate that these 
are the assumptions in force on that line. Now, what have we proved at this 
stage of the argument? Our analysis reveals, on line 11, that the 
assumptions 1, 2, AP lead to a contradictory statement, namely ‘n 2 is odd 
and n 2 is even’. Hence not all these assumptions can be true simultaneously. 
So if the assertion on line 1 and AP are assumed to be true, then it follows 
that the assertion on line 2 must be false, so that n cannot be odd. This is 




precisely what we have indicated on line 12, where we specify that the 
assertion ‘n is not odd’ can be deduced from the assumptions 1, AP. 

The proof is essentially complete on line 13 since this line states that, 
assuming AP, the assertion ‘n is even’ follows from the assertion on line 1, 
namely that ‘n 2 is even’. However, it is neater to have the actual statement 
of the theorem we are proving as the last line of the proof. So we 
incorporate assumption 1 into the assertion on line 14, leaving AP as the 
only assumptions in force on this line. 

The last three lines in the third version of the proof illustrate the advantages 
of keeping track of the assumptions in force on each line. A casual glance at 
line 13 in the second version of the proof might suggest that we have proved 
the assertion ‘n is even’ without any restriction. This would be strange as 
natural numbers are not all even. However, the analysis in the third version 
brings out the fact that we have only proved ‘n is even’ assuming that ‘n 2 is 
even’, and this is made perfectly clear in line 13 of the third version. Also, 
as AP remains to the left of line 14, we have revealed that, not surprisingly, 
some algebraic properties of the natural numbers have been used in the 
proof. 

Note that some steps in the argument add to the number of assumptions in 
force, for example those on lines 8 and 11, whereas others reduce the number 
of assumptions, for example those on lines 12 and 14. 

The third version of our proof is still essentially informal. Nevertheless our 
notion of formal proof will copy its layout, so that a formal proof will 
consist of a finite table with columns for: 

Assumptions Line number Assertion Justification 

An assertion in a formal proof will be simply a formula of the formal 
language, as defined in Unit f. The justification will consist of a reference to 
the use of one of the nine rules of proof that we shall define and, in most 
cases, to the earlier line or lines of the proof to which the rule has been 
applied. The rules will specify which formulas may be derived, and hence 
written in the assertion column, and which assumptions are in force on the 
new line. The last line of a formal proof will contain the assertion, or result, 
that has been formally proved from the assumptions in force on that line. 

In the rest of this unit and in Unit 6 we shall look at the rules that can be 
used in a formal proof, and at how we make use of them. 


1.2 Three rules of proof 

When we come to choose which rules of proof to allow, we must bear in 
mind that it is an absolute requirement that formal proofs should be 
logically valid and that they can be checked by a machine. Before we discuss 
logical validity and machine checkability, however, we need to consider a 
practical matter. 

Practical considerations pull us in two directions. When it comes to giving 
formal proofs, we would like our formal system to be very powerful with lots 
of rules, so that formal proofs are easy to construct and so that a formal 
proof exists whenever we can reasonably expect this. From this point of 
view the only constraints are those of logical validity and machine 
checkability mentioned above. However, when it comes to studying a formal 
system, as an object of mathematical enquiry, it is desirable that the formal 
system should be as simple as possible, with a small number of rules. In this 
course we have chosen to use a formal system with rather a small number of 
rules, but which is sufficiently powerful for formal proofs of formulas to exist 
whenever this is not ruled out by the requirement of logical validity. 


We shall not include the column 
headings when writing down a 
formal proof. 


We encountered a similar dilemma 
when choosing the basic symbols of 
our formal system in Unit 4 
(Subsection 1.1). 
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We now need to explain exactly what the requirement of logical validity 
means. As we have noted, a formal proof establishes the claim that a certain 
formula can be deduced from a set of formulas used as assumptions. The 
requirement of logical validity is that, whenever we have a formal proof of a 
formula ip from a set of assumptions <p l .(p 2 , ■ ■ ■, (p k , then ip must be a logical 

consequence of these assumptions. You should recall that this means that ip See Unit 4, Definition 3.4. 

is true in every interpretation in which (p x , cp 2 ,..., <p k are true. We shall 

ensure that formal proofs are logically valid by ensuring that each individual 

rule we introduce preserves logical validity, so that each step within a proof 

preserves logical validity. 

We now come to our second requirement, that of machine checkability. We 
incorporate this requirement into our formal system by designing each of the 
rules of proof in such a way that there is an algorithm that can check 
whether a purported use of the rule is a correct application of it. 

We are now ready to introduce our first rule of proof. It corresponds to the 
one used on lines 1 and 2 of the informal proof given in Subsection 1.1, that 
is the rule which corresponds to making an assumption. For this reason it is 
called the Assumption Rule. 


Definition 1.1 Assumption Rule (Ass) 

Any formula may be introduced on a line of a formal proof. The only 
assumption in force on this line is the formula itself. 


We write Ass in the Justification column of a formal proof to indicate that 
the Assumption Rule has been used. Thus a line on which this rule is used 
will have the following form. 

Assumptions Line number Assertion Justification 
k ( k ) cp Ass 

Note that the assumption number is the same as the line number. This is 
because, as specified by the rule, the only assumption in force on a line 
where the Assumption Rule is used is the formula introduced as an 
assumption on that line. 

You may think that the Assumption Rule is rather trivial. It is a very 
simple rule, but it should not be undervalued. We used it twice in our 
informal proof. We shall subsequently see that, without this rule, most 
formal proofs would not get off the ground. In most cases the first line of a 
formal proof will consist of an application of this rule. 

It is easily seen that the Assumption Rule meets the requirements of logical 
validity and machine checkability. When we use the rule, a formula cp is 
derived from the assumption cp. It is trivially true that a formula <p is a 
logical consequence of <p. So the rule is logically valid. It is also clear that 
there is an algorithm to check whether a line in a formal proof has the 
correct form for a use of this rule, as set out above. 

The next rule that we introduce is more powerful. We first specify the rule, 
then we give an example of its use, after which we explain why it satisfies 
our two requirements, namely logical validity and machine checkability. 

You will need to recall the definition of tautological consequence, namely See Unit 4, Definition 3.5. 
that the formula ip is a tautological consequence of the formulas 
<Pi, <p 2 , ■ ■ ■, (pk if the formula 

((• • • ((0i k(p 2 )k(p 3 )---k <p k ) -* ip) 

is a tautology. 
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Definition 1.2 Tautology Rule (Taut) 

If the formulas (f> 1 , (p 2 , ■ ■ ■, 4>k occur on certain lines of a formal proof 
and the formula ip is a tautological consequence of (pi, (p 2 , ■ ■ ■ > 4>k’ then 
on any subsequent line we may introduce the formula ip, which will 
depend on all the assumptions in force on the lines on which the 
formulas <f> 1 , <p 2 , ■ ■ ■, <Pk occur. 


When we use the Tautology Rule we indicate this in the Justification 
column by writing Taut followed by the numbers of the lines on which the 
formulas (p 1 , (p 2 , ■ ■ ■, <Pk occur. 

Here is an example to illustrate the use of this rule. 

Example 1.1 


1 

(1) 

(3x(x + y) = 0 -► y = O') 

Ass 

2 

(2) 

(3x (x + y) = 0 V Vz y = z) 

Ass 

1,2 

(3) 

(y = O' V Wzy = z) 

Taut, 1,2 


The annotation on the right of line 3 indicates that we have derived this line 
using the Tautology Rule from the formulas on lines 1 and 2. Thus the 
assumptions in force on line 3 are all those in force on lines 1 and 2, namely 
1 and 2. This is indicated by the annotation 1,2 on the left of line 3. 

For this to be a correct use of the Tautology Rule, we need the formula 

(((3a; (x + y) = 0 —► y = O') & (3x (x + y) = 0 'J'izy = z)) —> (y — O' V Vzy = z)) 

to be a tautology. We have already seen, in Unit f, Problem 3.2(b), that this 
formula is a tautology. So the table above is a correct formal proof. It is a 
formal proof of the formula on line 3 from the assumptions in force on this 
line, namely the formulas on lines 1 and 2. ♦ 

Now we check that the Tautology Rule meets our requirement of logical 
validity. We need to show that if a formal proof is valid up to the point at 
which we make use of this rule, then it remains valid to derive the formula ip 
from the formulas (p 1 ,(p 2 ,... ,(p k which occur on specified earlier lines of the 

proof, on which the sets of assumptions in force are Ai, A 2 ,..., A*, A is the Greek letter ‘capital delta’, 

respectively. The supposition that the proof is valid at this point means 
that, for 1 < i < k, the formula <p t is a logical consequence of the set of 
formulas A*. 

When we apply the Tautology Rule to derive the formula ip, the set of 
assumptions in force will be all those in the sets Ai, A 2 ,..., A*,. That is, the 
set of assumptions is A where 

A = Ai U A 2 U • • • U A*,. 

We show that the formal proof is still valid by showing that, in this 
situation, ip is a logical consequence of the set of formulas A. We thus need 
to show that if we have an interpretation in which all the formulas in A are 
true, then ip is also true in this interpretation. 

So suppose that we have an interpretation in which all the formulas in A are 
true. Then, for 1 < i < k, all the formulas in A* are true, and hence, as 0 i is 
a logical consequence of A,, <p i is also true in this interpretation. Thus each 
of the formulas <p 1 , (p 2 , ■ ■ ■, <p k is true. As we have used the Tautology Rule to 
derive ip, ip is a tautological consequence of <p 1 , <p 2 ,..., <p k . Hence, by 
Theorem 3.1 of Unit \, it is a logical consequence of these formulas. It 
follows that ip is also true in the given interpretation. 

This completes the proof that ip is a logical consequence of A. In this way 
we have shown that the Tautology Rule is logically valid. 
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A use of the Tautology Rule is valid if and only if the relevant formula 
((• • • ((4>i & <(> 2 ) & <t> 3 ) • • • & 4>k) —» ip) is a tautology. We saw in Unit 4 that 
there is an algorithmic method based on truth tables for determining 
whether or not a formula is a tautology. Thus the Tautology Rule also meets 
our requirement of machine checkability. 

In many standard treatments of 
logic the Tautology Rule is 
replaced by a number of different 
rules dealing separately with each 
connective. Both approaches have 
their advantages and 
disadvantages. One major 
advantage of using the Tautology 
Rule is that it generally makes 
formal proofs shorter. 

The next rule that we introduce also corresponds to a step in the informal 
proof we have just been discussing. This is the step at line 14, where we 
incorporated an assumption into the assertion by using the word ‘implies’. 

Since it is the symbol —> that corresponds to ‘implies’, we formulate our 
third rule, called the Conditional Proof Rule, as follows. 


The Tautology Rule is quite powerful. It encompasses in a single rule almost 
all deductions whose logical validity arises from the meanings of the 
connectives. We made use of an informal version of the Tautology Rule in 
the informal proof which we gave in Subsection 1 . 1 . Consider the step made 
at line 11. If we use <p l to represent ‘n 2 is odd’ and d> 2 to represent ‘n 2 is 
even’ then we see that this step amounts to deducing the formula ((p 1 & (f> 2 ) 
from the formulas <p 1 , <p 2 . Since, as you can easily check, the formula 
((</q & <j> 2 ) —> (<p l k.(j ) 2 )) is a tautology, this step corresponds to a use of the 
Tautology Rule. 


Definition 1.3 Conditional Proof Rule (CP) 

If the formula if occurs on a line of a formal proof and the formula (p 
occurs among the assumptions in force on that line, then on any 
subsequent line we may introduce the formula (<p —> ip), which will 
depend on all the assumptions other than (f> which are in force on the 
line on which the formula tp occurs. 


When we use this rule we indicate this in the Justification column by writing 
CP followed by the number of the line on which the formula ip occurs. 

Here is an example to illustrate the use of this rule. 

Example 1.2 

We give a formal proof of the formula 
(x = y->(x = y\/y = 0)) 
depending on no assumptions at all. 

1 (1) x = y Ass 

1 (2) (x = y\/ y — 0) Taut, 1 

(3) (x = y->(x = yVy = 0)) CP, 2 

The use of the Tautology Rule on line 2 is justified as the formula 
(x = y —> (x = y V y = 0)) is a tautology, as you can easily check. 

The use of the Conditional Proof Rule on line 3 is justified as follows. On 
line 2 we have the formula (x = y V y = 0) and the formula x = y is in force 
as an assumption on this line. The Conditional Proof rule tells us that we 
can introduce the formula (x — y —> (x = y V y = 0)) and that this depends 
on all the assumptions on which (x = y V y = 0) depends other than the 
formula x = y. But there are no assumptions on which (x = y V y — 0) 
depends, on line 2, other than x = y. So the formula on line 3 does not 
depend on any assumptions at all. We indicate this by not writing anything 
in the Assumptions column on the left of line 3. On the right of this line we 
write CP, 2 in the Justification column to indicate that line 3 has been 
obtained by applying the Conditional Proof Rule to line 2. ♦ 
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As with the other rules, we need to check the logical validity of the 
Conditional Proof Rule. Suppose that we have a formal proof which is valid 
to the point at which we make use of this rule, and that we apply this rule 
to derive the formula (<p —> ip) from an earlier line on which ip has been 
derived from a set of assumptions, (p, <j) 1 .<p 2 , ■ ■ ■ ,<Pk say, which includes <p. 
Our supposition that the proof so far is valid means that ip is a logical 
consequence of <p, <p 1 ,<p 2 ,...,<p k . When we use the Conditional Proof Rule 
we derive the formula {cp —> ip) from the set of assumptions (p 1 , (p 2 ,..., 4>k- 
Thus to show that the proof is still valid we need to show that (cp —♦ ip) is a 
logical consequence of (p 1 , cp 2 , ■ ■ ., <p k - 

To this end we consider an interpretation in which all the formulas 
<Pi, <p 2 ,..., (p k are true. In this interpretation the formula <p is either true or 
false. We show that in either case the formula ( <p —» ip) is true. If <p is false 
in this interpretation, then it follows immediately from the truth table for —> 
that (<p —» ip) is true. If <p is true then in this interpretation all the formulas 
(p, (p 1 ,<p 2 ,...,<p k are true. Then it follows immediately from our supposition 
that ip is a logical consequence of <p, <p l ,(p 2 ,... ,(p k that ip is true. Hence, 
using the truth table for —►, the formula (0 —> ip) is true. Thus in either case 
(cp —> ip) is true. It follows that this formula is a logical consequence of 
(p 1 ,<p 2 ,... ,<p k , and hence that the Conditional Proof Rule is logically valid. 

It is equally easy to see that the Conditional Proof Rule meets our machine 
checkability requirement. Suppose that this rule has been used on a certain 
line. To check that a correct use of the rule has been made, two things need 
to be checked. First, the formula that has been derived must have the form 
(<p —> ip) where ip is the formula which occurs on the earlier line referred to 
in the justification and where <p is one of the assumptions in force on this 
line. Second, the assumptions which are listed as being in force on the line 
on which ((p —► ip) occurs must be precisely the assumptions on the earlier 
line other than (p. It should be evident that both checks can be carried out 
algorithmically. 

You should note that whenever we use the Conditional Proof Rule one 
assumption formula is removed. Since in most formal proofs the Assumption 
Rule will be used to introduce assumptions, it is useful also to have a rule 
which allows assumptions to be eliminated. 


Schematic proofs 

Look back at the formal proofs given in Examples 1.1 and 1.2. The validity 
of each proof depends on the meanings given to the connectives used in the 
formulas in these proofs. These connectives are used to build up formulas 
from subformulas which do not contain any connectives. In order to give 
explicit examples we had to specify the details of these subformulas, but the 
validity of these proofs does not depend on these details in any way. 
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For example, in Example 1.2 we noted that the formula 
(x = y —> (x = y V y = 0)) is a tautology. We can show this by letting 9 and 
X represent x = y and y = 0 respectively, so that the formula becomes 
(0 —* (9 V y)), and then drawing up a truth table for this formula. However, 
the formula (9 —> (9 V x)) is a tautology whatever formulas are substituted 
for 9 and x■ This means that the following is a valid formal proof whatever 
formulas 9 and x happen to be. 

1 (1) 9 Ass 

1 (2) (9 V x) Taut, 1 

(3) (0-(0V X )) CP, 2 

We get the proof of Example 1.2 when 9 is the formula x = y and x is the 
formula y = 0. If we make a dilferent choice for 9 and x we obtain a 
different formal proof, as in the next example. 

Example 1.3 

1 (1) 3xx = O' Ass 

1 (2) (3a: x = O' V Vx (x + 0) = x) Taut, 1 

(3) (3xx = O' —■> (3a: a: = O' V Vz (x + 0) = a;)) CP, 2 

This formal proof has been obtained by substituting in the table above the 
formula 3xx = 0' for 9 and the formula Va; (x + 0) = x for x- ♦ 

Although the formal proofs of Examples 1.2 and 1.3 are different proofs, the 
fact that they can both be obtained from the above table by making 
substitutions for 9 and x brings out the fact that they both have the same 
logical form. The advantage of the above table is that it enables us to 
concentrate on what is essential, namely that the formulas in the proof are 
built up from the subformulas 9 and x using connectives in the way shown. 

The internal structure of 9 and x is not relevant here, and it helps not to 
show it. 

In propositional logic, which was 
mentioned at the end of 
Subsection 3.1 of Unit 4, schematic 
proofs are isolated for study by 
themselves. 

1 (1) ip Ass 

2 (2) -up Ass 

1,2 (3) <p Taut, 1,2 

1 (4) CP, 3 

This shows that whatever formulas we substitute for <p and ip, the resulting 
formula (->ip —> cp) may be derived from the assumption ip. 

The use of the Tautology Rule on line 3 is justified because the formula 
((ip & -iip) —* <p) is always a tautology, as you may readily check. The 
assumptions in force on line 3 include -up and hence, by using the 
Conditional Proof Rule, we can introduce the formula (-up —> cp) on line 4; 
the assumptions in force on this line are those in force on line 3 other than 
~'ip- ♦ 


We call such a table a schematic proof. Whatever formulas are substituted 
for the Greek letters, it becomes a valid formal proof. 

We now give some more examples of schematic proofs. 

Example 1.4 
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Example 1.5 


1 

(1) 

<P 

Ass 

2 

(2) 

ip 

Ass 

1,2 

(3) 

(cp k ip) 

Taut, 1,2 

1 

(4) 

(ip^> (<pkip)) 

CP, 3 


(5) 

(<P^(iP^ (<pkip))) 

CP, 4 


The use of the Tautology Rule on line 3 is justified because 
((<p & ip) —> (<p k ip)) is always a tautology. On line 4 we have used the 
Conditional Proof Rule to drop ip from the list of assumptions in force, and 
on line 5 we have used it to drop (p from the list of assumptions. Thus we 
end up with a schematic proof which shows that, for all formulas (p and ip, 
there is a formal proof of the formula ((p —i► (ip —► (cp kip ))) which depends 
on no assumptions. ♦ 

Example 1.5 provides an example of a common use of the Conditional Proof 
Rule. Suppose we wish to derive an implication of the form (6 —> x) from a 
given set of assumptions. We add the formula 6 to the list of assumptions, 
and then we aim to find a proof of \ from this augmented list of 
assumptions. If we succeed in this, we can then use the Conditional Proof 
Rule to derive (6 —+ x) from the remaining assumptions. In Example 1.5 we 
used this strategy twice. To prove (<p —> (ip —* (<p k ip))) from no 
assumptions, we first made the assumption (p with the aim of deriving 
(ip — > (<pk ip)). Then we used the same strategy to derive (ip — > (<pk ip)): we 
added ip to the list of assumptions and then aimed to derive (cp kip ). It was 
straightforward to achieve this latter aim, as we did on line 3, using the 
Tautology Rule. We then used the Conditional Proof Rule twice to complete 
the task of deriving (<p —* (ip —> (cp kip))) from no assumptions. 

Problem 1.1 _ 

The following schematic proofs are incomplete because the assumption 


numbers 

on the left-hand side < 

of each line are missing. 

(i) 

Fill i 

n these missing assumption 

numbers. 

(ii) 

Where the Tautology Rule 

has been applied, state which tautology has 


been 

used. 



(a) 

(1) 

ip 


Ass 


(2) 

<P 


Ass 


(3) 

(<pk ip) 


Taut, 1 


(4) 

(<pkip) 


Taut, 1,2 


(5) 

((<p\/ip)k((pkip)) 


Taut, 3,4 


(6) 

(ip — > ((<p V ip) k(<pk 

VO)) 

CP, 5 

(b) 

(1) 

(4>kx) 

Ass 



(2) 

X 

Ass 



(3) 

<p 

Taut, 

1,2 


(4) 

ip 

Ass 



(5) 

(<p k ip) 

Taut, 

3,4 


(6) 

(-'X -► (<pkip)) 

CP, 5 



(7) 

(xV(<pkip)) 

Taut, 

6 


(8) 

(X V (<P k ip))) 

CP, 7 
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Problem 1.2 ___ 

(a) Give a schematic proof to show that for all formulas <p, and ip there is a 
formal proof of the formula ->((/> —> ip) from the assumptions <p and -up. 

(b) Show how your schematic proof of part (a) may be extended to give a 
schematic proof of 

(<p -¥ (~,1p -> -.(</> -* $))) 
depending on no assumptions. 

Problem 1.3 __ 

Give schematic proofs to show that for all formulas cp and ip there is a formal 

proof of each of the following formulas depending on no assumptions. 

(a) {<p -> ((cp -+ip)-> ip)) 

(b) ((-><£ -»• ->ip) -* ((-><p ->ip)^> <p)) 


You have now seen three rules of proof: the Assumption Rule, the Tautology 
Rule and the Conditional Proof Rule. Before we go on to look at further 
rules in Sections 2 and 3, it is worth pausing to reflect on the Tautology 
Rule. This rule is based on the idea of tautological consequence. However, 
since the aim of our rules is to provide logically valid proofs, a concept based 
on the idea of logical consequence, would it not be better to replace the 
Tautology Rule with one based on this concept? So, suppose that, in 
Definition 1.2, we were to replace ‘tautological consequence’ by ‘logical 
consequence’. The amended rule would still meet our requirement for logical 
validity. However, it would not meet our requirement for machine 
checkability. This is because the notion of logical consequence refers to all 
possible interpretations of our formal language, and there might be infinitely 
many of these. For this reason alone, you might find it plausible that such a 
rule would not be machine-checkable. In fact it is not even 
machine-checkable when applied solely to the standard interpretation Jf, the 
cause of which failure is the inclusion of the infinite set N in UP. Thus we 
must settle for the Tautology Rule as given in Definition 1.2, which we have 
seen is machine-checkable. 

It may now surprise you, having seen that logical validity is linked via 
logical consequence to all possible interpretations of our formal language, 
that, by adding just a few more rules, we can obtain a machine-checkable 
formal system adequate to provide a formal proof of ip from assumptions 
(p 1 , <p 2 , ■ ■ ■, <p k whenever ip is a logical consequence of these formulas. But 
such rules do exist and we begin describing them in the next section. 


A proof that logical consequence is, 
in general, not machine-checkable 
will be given in Unit 8. 
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2 QUANTIFIER LOGIC: THE 
UNIVERSAL QUANTIFIER 


In this section and the next we shall describe the rules of proof that we use 
to handle the quantifiers. We shall deal in this section with the universal 
quantifier V, and in the next section with the existential quantifier 3. We 
shall start this section with an important technical discussion about 
variables in formulas. 


Plainly a major requirement of our 
rules of proof is that they should 
handle quantifiers. Hence we shall 
sometimes refer to the proof 
system developed in this unit and 
in Unit 6 as quantifier logic. 


2.1 Free and bound variables 

In this subsection we shall discuss a distinction between two different roles 
that variables can play in formulas. The distinction we make is not difficult 
to understand in general terms, as it corresponds to different ways in which 
variables are used in everyday mathematics. However, for our purposes, a 
general idea of the distinction is not quite good enough. We shall need to 
look in detail at the syntax of formulas so that we have an algorithmic 
method for making the distinction which concerns us. 

We have already alluded to this distinction in Unit 4- At the end of 
Subsection 3.2 we considered the following three formulas 

(a) 3z (*•*) = 0"" 

(b) Vy 3 x(x • x) = y 

(c) 3x (x • x) = y 

and we asked whether or not they are true in the standard interpretation JU. 
We remarked that formula (a) is true and formula (b) is false, but we cannot 
say whether or not formula (c) is true unless we know which element of the 
domain the variable y is interpreted as referring to. This distinction between 
the role of the variable y in formula (c) and that of the other variables arises 
from the syntax of these formulas. It has nothing to do with the properties 
of JV. It arises in any interpretation. For example, in the interpretation 
whose domain is the set IR of real numbers, and with the standard 
operations of addition and multiplication on this set, formula (c) is true if 
and only if the variable y is interpreted as referring to an element of IR which 
has a square root in IR, that is, to a non-negative real number. 

In formula (a) the variable x is associated with an existential quantifier. Its 
role is to express the existence of a solution of the equation 

(*•*) = 0 "" 

In any given interpretation the term 0"" will be interpreted as referring to a 
specific element of the domain. Either this equation has a solution for this 
interpretation of 0"" or not. In the former case the formula (a) is true in the 
given interpretation and in the latter case it is false. 

Similarly, in formula (b) both the variables x and y are associated with 
quantifiers. The variable y is associated with a universal quantifier and so its 
role is to express the fact that, in a given interpretation, there exists a 
solution x to the equation 

(x-x)=y 

whichever element of the domain the variable y is taken as referring to. For 
each specific interpretation this fact will be either true or false, and 
correspondingly formula (b) will be true or false. 

In contrast, the variable y is not associated with a quantifier in formula (c), 
so it neither expresses universality nor existence. In order to determine 
whether this formula is true in a given interpretation we need to know to 
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which element of the domain it refers. Note that this situation does not arise 
for the variable x in this formula, as it is associated with an existential 
quantifier. 

We now show how we can make precise this distinction between the two 
sorts of roles that variables can play. Variables that are associated with 
quantifiers are called bound variables and those that are not are called free 
variables. As we shall see, free variables are so called because, in a sense to 
be made more precise later, we are free to substitute values for them. 

A key point to note is that the same variable will often occur more than 
once in a formula, and in such cases some of these occurrences will be 
associated with quantifiers and some not. For example in the formula 

(Va; 3y y = x' & 3a; (x • x) = y) 

the variable y occurs three times. The first two occurrences are associated 
with the existential quantifier and are bound occurrences, but the third is 
not associated with any quantifier and is thus a free occurrence. 

We see from this example that the distinction we need to make is between 
free and bound occurrences of variables in formulas. We do this by thinking 
about the formation rules for formulas. You will recall that formulas are 
built up from atomic formulas using the connectives and quantifiers. In an 
atomic formula all occurrences of variables are free occurrences. The status 
of the variables does not change when we introduce connectives. The free 
occurrences of variables in -k/>, (<p&cip), (<p V ip), (cj> —> ip) and (<j> <-* ip) 
correspond to the free occurrences in <p and ip, and likewise for the bound 
occurrences. It is the introduction of quantifiers that binds variables. Thus 
in the formulas Vu <p and 3v <p, all occurrences of the variable v are bound 
occurrences. 

Thus if we trace how a formula is built up from atomic formulas as we did in 
Unit f, we can work out which occurrences are free and which are bound. 

To illustrate this, let us consider the usual analysis of the formula 

((y = 0v3yx = (y + y)) -*Vz3x(y + x) = z) (2.1) 

It is as follows: 

((j/ = 0V 3y x - (y + y)) -* Vz 3x (y + x) = z) 



Vz 3x (y + x) = z 

|® 

3x(y + x) = z 

\® 

(■y + x)-z 

We can look at this diagram in two ways. Reading from top to bottom, it 
shows how the original formula can be broken down into components. On 
the other hand, reading from bottom to top, it shows how this formula is 
built up from atomic formulas. To distinguish the free and bound 
occurrences of variables we look at this diagram in this second way. We have 
labelled the stages at which quantifiers are introduced. Each introduction of 
a quantifier leads to all the occurrences of the relevant variable being bound 
in the resulting formula, and these occurrences remain bound as we continue 
upwards, and hence are bound occurrences in the original formula at the top 
of the diagram. We have underlined all the bound occurrences of variables 
from the stage where they first get bound. 


(y = 0V3yx = (y + y)) 


y = 0 3yx = (y + y) 


x = (y + y) 


As we comment at the end of this 
subsection, an analogous 
distinction occurs in everyday 
mathematics, where variables 
associated with the analogue of 
quantifiers are often called dummy 
variables. 


See Unit 4, Subsection 2.1. 


The underlining indicates bound 
occurrences of variables. 

Formula (2.1) provides another 
example of the same variable 
having both free and bound 
occurrences in a formula. For 
example, reading from left to right, 
the first and last occurrences of the 
variable y are free occurrences, and 
the other three occurrences of y are 
bound occurrences. 


Note that whenever we introduce a 
quantifier, the occurrence of the 
variable immediately following the 
quantifier counts as a bound 
occurrence. That is why in the 
example above we have 3x. 3y and 
Vz with the variables underlined. 


27 




Clearly the underlining process we have carried out here is purely 
mechanical, and hence it provides us with an algorithm for deciding whether 
or not a given occurrence of a variable in a formula is free or bound. 

Example 2.1 

\/x3yVz ((x + y) — z V (x — 0 V y = z)) 

The analysis is as follows: 


Vx 3y\/z ((x + y) = 2 V (x = 0 V y = z)) 

I® 

ByVz((x + y) = z V (x = 0 V y = z)) 



Vz ((a; + y) = z V (a: = 0 V y = z)) 

® 

((x + y) = z V (x = 0 V y = z)) 



(x + y) = z (x = 0 Vy = z) 



Thus all the occurrences of x, y and z in the formula are bound. If you 
noticed that the formula has the form Vx3 yVzcf) you could have drawn this 
conclusion without the need for the above analysis. ♦ 

Example 2.2 

(a) (By (y • y) = x k3t (x + t) = y) 

(b) By ((yy)=xk Bt (x + t)= y) 

Here are the analyses 

( a ) (By (y-y)=x&3t(x + t)=y) 



By(y-y) = x Bt(x + t) = y 



(yy) = x (x + t) =y 


(b) By((y-y) =xk3t(x + t) = y) 


((yy) = X &3t(x + t) =y) 



(yy)=x Bt(x + t) = y 


(x + t) =y 
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The examples show how important bracketing can be. In (a) the first three 
occurrences of y are bound, whereas the fourth occurrence is free. In (b) all 
the occurrences of y are bound. In (a) and (b) both occurrences of x are 
free, and both occurrences of t are bound. ♦ 

After some practice, it should be possible for you to distinguish between free 
and bound occurrences of variables without the need to write down the 
analysis of the formula. 

In Example 2.1, there are no free occurrences of variables. Formulas with 
this property are called sentences. 


Definition 2.1 Sentence 

A sentence is a formula in which there are no free occurrences of 
variables. 


Thus a sentence is a formula in which all occurrences of variables are bound 
occurrences. Note that there are some formulas in which there are no 
variables at all. One example is ->0" = O'". Such formulas count as 
sentences. In any given interpretation, a particular sentence is either true or 
false — there is no extra complication of having to specify values in the 
domain for any free variables. 

We end this subsection with some remarks about free and bound variables in 
everyday mathematics. In this context formulas are usually expressions 
which can take numerical values. Here are some examples. 



Expression (a) has a definite numerical value, whereas in (b) the value 
depends on the value of the free variable a. However, in (a) and (b) it does 
not make sense to ask for the value of x; its role is to show which function 
we are integrating. We could replace x in (a) or (b) by another variable 
without changing the meaning. So, for example, 

[ x 2 dx = f t 2 dt. 

Jo Jo 

In logic we call such a variable a bound variable; in everyday mathematics it 
is more usual to call it a dummy variable. Likewise, in (c) and (d), n is a 
bound or dummy variable, whereas in (d) x is free. 

Problem 2.1 _ 

In the following formulas, determine which occurrences of variables are free 
and which are bound. State which of the formulas are sentences. 

(a) Vx 3y -> x = y 

(b) ((a: = y V 3 1 (x + t) = y) V 3 1 (;y + t) = x) 

(c) (32 (z • x) = y -> Vy (3z (z • j/) = x -♦ ->3x (x • x) - y)) 

(d) 3x (x = y V -i x = y) 

(e) (3xx = y V ->x = y) 


To avoid complications with free 
variables, it is customary to express 
axioms for number theory, which 
we shall do in Unit 6, as sentences. 
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2.2 The Universal Quantifier Elimination Rule 

Now that we have dealt with the distinction between free and bound 
occurrences of variables, we are in a position to begin describing the formal 
rules of proof for the quantifiers. We start with the universal quantifier V. 

We have two rules of proof associated with this symbol, one for eliminating 
it from a formula and the other for introducing it into one. We consider the 
elimination rule first. 

Our method for devising the quantifier rules will be to look at how 
quantifiers are handled in informal mathematical arguments, and to mirror 
this in our formal rules. So we begin by looking at some examples. Consider 
the following simple argument from elementary number theory. 

From the identity x 2 — 1 = (x — l)(a; + 1), it follows that 
7 2 — 1 = (7 — 1)(7 + 1) and so is divisible by 8. 

At first sight no universal quantifier is present; but it must be remembered 
that in informal mathematics the symbol V is not often used, other methods 
being used to indicate that statements are universally true. In the example 
above, the word ‘identity’ has been used to indicate that the equation is true 
for all values (in the relevant domain — here, the natural numbers) of the 
variable x. So the deduction in this passage, expressed slightly more 
formally, is as follows. 

From 

Vxx 2 — 1 = (x — l)(a; + 1) (2.2) 

we deduce that 

7 2 — 1 = (7 — 1)(7 + 1) (2.3) 

We can see that, in going from (2.2) to (2.3), the universal quantifier V and 
the variable x following it have been eliminated, and all the remaining 
occurrences of x have been replaced by occurrences of the symbol 7; the 
variable which expressed generality in (2.2) has been replaced in (2.3) by the 
symbol for a particular number. 

We are not obliged to replace the variable by a numeral; it could be replaced 
by a more complicated expression. For example, in an argument in 
trigonometry, where the range of values taken by the variables would be the 
set of real numbers, we might want to deduce from (2.2) that 

(sint) 2 — 1 = (sinf — l)(sinf + 1). (2-4) 

So this time x has been replaced by sin t , and it is easy to imagine situations 
where we would want to substitute even more complicated expressions for x. 
In general, the sort of expressions we might want to substitute for x will be 
those that can stand for elements of the domain of the interpretation 
(usually numbers). Recall that, in Unit 4, we called these expressions terms. 
So the rule we are looking for will be one which allows us to drop a universal 
quantifier and the variable which follows it from the beginning of a formula, 
and to replace all the remaining occurrences of the variable, which are now 
free occurrences, by a given term. In order to be able to state this rule 
succinctly, it is convenient to introduce some notation. 


Definition 2.2 

If <j> is a formula, v is a variable and r is a term, then 4>(r/v) is the 
result of substituting the term r for each free occurrence of v in 0. 


You can think of 4>{t/v) as 
meaning ‘(f> with r replacing all the 
free occurrences of v\ 


It should not be difficult to convince yourself that if <f> is a formula then so is 
<t>(r/v). 
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Example 2.3 

(a) Let <j> be the formula 

3y y = (x + x) 

Both occurrences of x in <j> are free occurrences and so <p(0/x) is the 
formula 

3yy = (0 + 0 ) 

and 4>{{x • z)/x) is the formula 
3yy = ((x • z) + (x- z)) 

(b) Let (p be the formula 

{Mz (y • z) = y -*• My (y • z) = y) 

Here the first two occurrences of the variable y are free occurrences, but 
the remaining occurrences are all bound. Hence the formula <j>(0'/y) is 

(Vz (O' • z) = 0' -*• My (y • z) = y) 

For a similar reason <p(0'/z) is 

(Vz (yz)=y-+My(y O') =y) ♦ 

Problem 2.2 _ 

In each of the following cases, where you are given a formula <f>, a term r and 
a variable v, write down the formula 4>(t/v). 


(a) 

<A 

is 

{yy) = 

(x • (z + y)), T is ( 

z" + 0) 

, v is x 

(b) 

<t> 

is 

(: 3x ( X • x) 

— y 8zx = 

= (z + y)), 

r is O', 

v is x. 

(c) 

<t> 

is 

3x (( x • x) 

— y & x = 

-- (z + y)), 

r is O', 

v is x. 

(d) 

<t> 

is 

3x ((x • x) 

— yhx = 

-- (z + y)), 

t is O', 

v is y. 

(e) 

<t> 

is 

3yy = (ar + z), Tis 

y r , v is x. 



(f) 


is 

3x ( z + x) 

= (z-x), 

r is x, v h 

z. 


(g) 

<t> 

is 

3x (z + x) 

= (z-x), 

t is z, v is 

z. 



In terms of the notation we have just introduced, the formal rule we are 
aiming at should tell us that from a formula Mv <p we can derive </>(t/v), 
where r is some term. 

Before we state this rule we need first to check that it meets our 
requirements of logical validity and machine checkability. Since we have an 
algorithm to decide which occurrences of variables in a formula are free 
occurrences, it is easily seen that the second requirement is met. 

At first sight, everything also seems to be in order with the requirement of 
logical validity. If the formula Mv <j> is true in some interpretation, then every 
element of the domain must have the property expressed by the formula 4>. 
In particular, the element corresponding to term r has this property, and so 
it would seem that the formula <t>(r/v) must also be true. This is almost 
correct, but it overlooks a technical complication which we now explain. 

When we were discussing the difference between free and bound occurrences 
of variables, we said that the truth of the formula depends on the 
interpretation of the free variables, and in this sense expresses properties of 
these variables. The bound variables are just ‘dummies’ whose role is, for 
example, to express generality. The deduction of <J)(t/v) from Mv <f> will be 
valid only if 4>(t/v) says the same thing about r as <j> says about v. T hings 
will go wrong if there are variables in r which become bound when we 
substitute t for the free occurrences of v in <fi. 





For example, let (p be the formula 3yy = (x + x), so that Vx <p is the formula 

Vx 3y y = (x + x) (2.5) 

and let r be the term ?/, so that <p(r/x) is the formula 

3yy = (y 1 + y') (2.6) 

Formula (2.5) is true in the standard interpretation jV\ it says that, for each 
natural number, there is another natural number which is twice the original 
number. However, formula (2.6) is false in JF: it asserts that there is a 
natural number y such that y = (y + 1) + (y + 1), which is clearly not true. 
Since there is an interpretation which makes (2.5) true but (2.6) false, we 
cannot validly deduce (2.6) from (2.5). The reason that something has gone 
wrong is that the term t contains the variable y. and these occurrences of y 
become bound when we substitute r for x in (p. 

To avoid this sort of problem and ensure that the inference of <P(t/v) from 
\/v cp is logically valid, we shall require that no occurrences of variables in r 
become bound when we substitute r for free occurrences of v in cp. It is 
convenient to have a shorthand expression for this condition, so we make the 
following definition. 


Definition 2.3 Free substitution 

We say that the term r may be freely substituted for the variable v in 
the formula <p if no occurrences of variables in r become bound when 
we substitute r for free occurrences of v in <f>. 


Example 2.4 

(a) Let (p be the formula 

(yy) = {x-{x + y)) 

and let r be the term (z" + 0). The only variable in r is z and, since 
there are no quantifiers involving z in <p, neither of the occurrences of z 
in <P(t/x) is bound. So r may be freely substituted for x in <f>. 

(b) Let <p be the formula 

3z (z-y) = (x-(z + y)) 

and let t be the term (z" + 0) . The term r may not be freely 
substituted for x in <j> since the variable 2 occurring in r becomes bound 
in 4>(t/x), which is the formula 

3z (z • y) — ((z" + 0) • (z + y)) 

(c) Let 4> be the formula 

(r = 0' V 3 xy — x') 

and let r be the term (x + y)- Only the first occurrence of x in 0 is a 
free occurrence and hence 4>(t/x) is the formula 

((a: + y) = O' V 3x y = x') 

We see that both the variables x and y which occur in t gives rise to free 
occurrences of these variables in 4>(t/x). Thus r may be freely 
substituted for x in </>. 

However, r may not be freely substituted for y in <f >, since the formula 

<t>( T /y ) is 

(x = O' V 3x (x + y) = x') 

and the occurrence of the variable x in the term (a: T y) becomes bound 
in <p(T/y). ♦ 
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Problem 2.3 _ 

In which of the following cases may the term r be freely substituted for the 
variable v in the formula 0 ? 

(a) (j> is (3 z z = y' & 3t (t • t) = x), r is (z" -y), v is x. 

(b) (j) is 3z (z = y' & 3 1 (t • f) = x), t is (z" ■ y), v is x. 

(c) <p is (Vx 3z x = (z + z) —> 3t (t + t) = (y + z)), t is (y + x), v is y. 

(d) i ■)> is Vx 3 y ((i/ + j/)=iV(|/ + y') = x), r is (y + x), v is y. 

(e) (/> is My (3x (x + a;)=j/^j/=(x' + x)), r is x, ?; is x. 


We can now state our formal rule for the elimination of the universal 
quantifier. 


Definition 2.4 Universal Quantifier Elimination Rule (UE) 

If the formula Mv <f> occurs on a line in a formal proof and t is a term 
which may be freely substituted for the variable v in <p, then on any 
subsequent line we may introduce the formula <p(r/v), which will 
depend on the same assumptions as does V?; </>. 


With the specified condition on the term r, the rule can be shown to be 
logically valid. Any algorithm to check which occurrences of a variable v are 
free can be extended to check whether a term r may be freely substituted for 
these occurrences. So our requirements for logical validity and machine 
checkability are met. 

Example 2.5 

We cannot give any very interesting examples of the use of the Universal 
Quantifier Elimination Rule until we have some other rules for quantifiers at 
our disposal. Meanwhile, here is a simple example of a formal proof which 
uses this rule twice. 

1 (1) MxMy(x + y) = (y + x) Ass 

1 (2) My ((z + x) + y) = (y + (z + x)) UE, 1 

1 (3) ((z + x)+i) = (x + (2 + x)) UE ,2 

If we call the formula on line 1 Vx <f>. so that <f> is the formula 
Vy (x + y) = (y + x), then the formula on line 2 is 0((z + x)/x). The use of 
the the UE Rule in going from line 1 to line 2 is legitimate as the term 
(z + x) may be freely substituted for x in <f>. If now we call the formula on 
line 2 My ip, so that if is the formula ((z + x) + y) = (y + (z + x)), then the 
formula on line 3 is ip(x/y). Again, the use of the UE Rule is legitimate, 
since the term x may be freely substituted for y in if. Indeed, as there are 
no quantifiers in if, any term may be freely substituted for y in ip. ♦ 

Problem 2.4 _ 

Show that the formula 

(O' + 0") = (0" + O') 
can be derived from the assumption 
MxMy (x + y) = (y + x) 

Problem 2.5 _ 

Is it the case that, for any term r, the formula 3y->r= y is a logical 
consequence of the formula Vx 3y ->x = yl 





The last problem is a reminder of why we need to be careful about the 
details of substituting a term for a variable within a formula. We shall need 
to be similarly careful with several of our remaining rules. 


2.3 The Universal Quantifier Introduction Rule 

Note that, in more advanced books 
on logic, the term universal 
formula is used to mean something 
stronger than one of the form \/v <j>. 


To find the appropriate rule for introducing universal quantifiers into formal 
proofs, we need to consider how universal statements, that is, statements or 
formulas of the form Vu </>, are proved in mathematics. 

Consider, for example, the proof of the following theorem about groups. 


Theorem 

Don’t worry if you are not familiar 
with group theory; the 
mathematical details of the proof 
are not important for our purposes. 

Proof 

Take g, h in G. Then 

(h~ 1 g~ 1 ){gh) = h~ l (g~ l g)h = h~ 1 eh = h~ 1 h = e, 
where e is the identity element of G. 

Thus h~ l g~ 1 is the inverse of gh, that is, 

(gh)' 1 =h~ 1 g~ 1 . (2.8) 

This completes the proof. ■ 


Let G be a group. Then for all g, h in G, 
{gh)- 1 = h^g- 1 . 


(2.7) 


This proof establishes the universal statement (2.7) about all elements of the 
group G. We proved it by taking two elements g and h of G and showing 
that they satisfy formula (2.8). Why does this enable us to claim that we 
have thereby proved the universal statement (2.7) and hence that we have 
completed the proof of the theorem? The reason is that in deriving (2.8) we 
made no special assumptions about g and h. We used several properties of 
groups (without mentioning them explicitly) such as the associative 
property, but all we assumed about g and h was that they were elements of 
G. That is why the universal statement (2.7) follows from (2.8). 

We see from this that the standard method for proving a universal formula 
such as Vi> <f> is to prove 4> without making any special assumptions about v. 
It then follows that (j> is true for every v being considered, that is, Vw 4> is 
true. We saw earlier that a formula tells us something about a variable v 
only when v occurs freely in the formula. Thus, a derivation of <j) which 
makes no special assumptions about v corresponds to a formal proof of <fi 
from assumption formulas which contain no free occurrences of v. This leads 
us to the following rule. 


Definition 2.5 Universal Quantifier Introduction Rule (UI) 

If the formula 4> occurs on a line of a formal proof and the variable v 
has no free occurrences in any of the assumptions in force on that line, 
then on any subsequent line we may introduce the formula Vv <j>, which 
will depend on the same assumptions as does <j>. 


With the restriction that the assumptions contain no free occurrences of v , 
the rule can be shown to be logically valid. As with the Universal Quantifier 
Elimination Rule, it is easy to see that this rule is machine-checkable. 
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Example 2.6 

The following formal proof is typical in the sense that we make several 
applications of the Universal Quantifier Elimination Rule before we are ready 
to apply the the Universal Quantifier Introduction Rule. In this example, 
each time we apply the UE Rule, the term r is just the variable x itself. 


1 

(1) 

VxVyVz (x + (y + 

z)) = ((x 

+ 

y) + z) 

Ass 

1 

(2) 

VyVz (x + (y + z)) 

= ((* + 

y) 

+ z) 

UE, 1 

1 

(3) 

Vz (x + (x + z)) = 

((x + x) 

+ 

z) 

UE, 2 

1 

(4) 

(x + (x + x)) = ((a; + x) + 

x) 


UE, 3 

1 

(5) 

Vx (x + (x + x)) = 

((x -t- x) 

+ 

x) 

UI, 4 


To see whether the use of the UI Rule on line 5 is legitimate, we need to 
look at the line from which line 5 has been derived. The annotation to the 
right of this line tells us that is has been derived from line 4 using the 
UI Rule. For this use to be legitimate, the variable x must have no free 
occurrences in any of the assumptions on which line 4 depends. The only 
assumption in force on line 4 is the formula on line 1. We see that x has no 
free occurrences in this formula. So the use of the UI Rule on line 5 is 
legitimate. The UI Rule then tells us that line 5 depends on exactly the 
same assumptions as does line 4. 4 

Problem 2.6 _ 

Show that the formula 

Vx ((x + x) • x) — ((a; • x) + (x • x)) 
can be derived from the assumption 

VxVyVz ((x + y)-z) = ((;x • z) + (y ■ z)) 


Example 2.7 

We shall show that the formula 


H 

> 

a 

> 

+ y) = (y + x) 


can be derived from the assumption 


WxVy (x 

+ y) = {y + x) 


1 

(1) 

VxVy (x + y) = (y + x) 

Ass 

1 

(2) 

Vy {x + y) = (y + x) 

UE, 1 

1 

(3) 

(x + y) = (y + x) 

UE, 2 

1 

(4) 

Vx (x + y) = (y + x) 

UI, 3 

1 

(5) 

Vt/Vx (x + y) = (y + x) 

UI, 4 


On line 4 we use the UI Rule to add the prefix Vx to the formula on line 3. 
To see whether this is a legitimate use of the UI Rule, we must check that 
the variable x does not occur freely in any of the assumptions on which 
line 3 depends. Similarly, to see whether the use of the UI Rule on line 5 is 
legitimate, we must check that the variable y does not occur freely in any of 
the assumptions on which line 4 depends. Both line 3 and line 4 depend on 
the formula on line 1 as an assumption. The formula on line 1 is a sentence, 
that is, it contains no free occurrences of variables. Hence both uses of the 
UI Rule in this proof are legitimate. 4 




On line 2 of the formal proofs in both Examples 2.6 and 2.7, we have used a 
particularly simple case of the UE Rule. In each case the term r is the same 
as the variable v it replaces, so xp(r/v) is <p(v/v); and, clearly, xp(v/v) is 
identical to xp. So this simple case of the UE Rule can be stated as: 

from V'i> xp we can derive xp, which will depend on the same assumptions 
as does Vv xp. 

Since v can certainly be freely substituted for v in xp, this is always a 
legitimate use of the UE Rule. 

It is convenient at this stage to introduce the following notation. 


Definition 2.6 

We write 

<Pl,<p2i---i<Pk b Ip 

to indicate that the formula xp can be derived from assumptions 
included among the formulas <p x ,xp 2 ,... ,xp k . 

Thus, if xp 1 ,xp 2 , ... ,xp k and xp are formulas, we may write 

4>lA2,---,<Pk ip 

if there is a formal proof on whose last line is the formula xp and the 
assumptions in force on that line are included among xp x ,xp 2 ,... ,xp k . I n 
particular, we may write 

h xp 

if there is a formal proof of the formula xp depending on no assumptions. 
The symbol h is often called the turnstile symbol. 

In terms of this new notation we can say that the formal proof of 
Example 2.7 shows that 

Vx My (x + y) = (y + x) h Vy Vx (x + y) = (y + x) 

It is not difficult to see that this is a particular instance of the fact that, for 
every formula (p and all variables u and v, 

Vu'ivxp t- 

Example 2.8 

For all formulas xp and xp, 

Vu (p, Vw (<p —> xp) h Vu xp 

Note first that, because here we have made a general claim about the 
existence of a formal proof whatever the formulas xp and, xp are, we shall 
need to justify it by giving a schematic proof as described in Subsection 1.2. 
We seek a schematic proof in which Vw xp occurs on the last line and the 
assumptions in force on that line are xp and Vv (xp —> xp). Thus our first 
move will be to introduce these two formulas as assumptions. 


The turnstile symbol was 
introduced into logic by Frege. It is 
not a symbol of our formal 
language. 
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We are aiming to derive the conclusion Wv ip and we know that if we can 
derive ip then, under the right conditions, we can derive Wv ip by the UI Rule. 
Having introduced Wv <p and Wv (<p —> ip) as assumptions, it is natural to use 
the UE Rule to derive <p and (<p —► ip) from these assumptions. In fact, we 
can use the special case of the UE Rule mentioned immediately after 
Example 2.7. The gap we then have to fill is to go from cp , ( <P —► ip) to the 
desired conclusion ip. But we have seen that the formula 
((<P &(</>—> ip)) —> ip) is a tautology. Thus we can derive ip from <p, (<p —» ip) 
by the Tautology Rule. Let us see if we can carry out this plan. 


1 

( 1 ) 

Wv (p 

Ass 

2 

( 2 ) 

Wv (cp —> ip) 

Ass 

1 

( 3 ) 

<t> 

UE, 1 

2 

( 4 ) 

( <p-*ip) 

UE, 2 

1,2 

( 5 ) 

ip 

Taut, 3,4 

1,2 

( 6 ) 

Vvip 

UI, 5 


The use of the UI Rule is legitimate since the variable v does not have any 
free occurrences in either of the assumptions on which line 5 depends, 
namely the formulas on lines 1 and 2 . 4 

There are no infallible rules for finding formal proofs, but it is often possible 
to formulate a plan, as in the preamble to the schematic proof in 
Example 2.8. The next example involves another helpful tip. 

Example 2.9 

For all formulas <p and ip, 

Wv {<p —> ip) h (Wv cp —> Vu ip) 

Since we wish to show that we can derive the formula (Wv (p —*• Wv ip) from 
the assumption Wv (<p —> ip), we introduce this latter formula as an 
assumption on the first line. We then think about how we might derive the 
conclusion (Wv<p —>Wvip). If we can derive Wv ip from assumptions which 
include Wv <p then, by using the Conditional Proof Rule, we are able to derive 
(Wv (p —>\/vip) from the remaining assumptions. So we introduce Wv (p as a 
second assumption. We are now aiming to derive Wvip. This puts us in 
exactly the same situation as in Example 2.8 and hence we use the same 


method as 

in that example. We thus arrive at the following formal proof. 

1 

( 1 ) 

Wv (<p —► ip) 

Ass 

2 

( 2 ) 

Wv(p 

Ass 

1 

( 3 ) 

(■ <t> -► ip) 

UE, 1 

2 

( 4 ) 

<P 

UE, 2 

1,2 

( 5 ) 

ip 

Taut, 3,4 

1,2 

( 6 ) 

Wvip 

UI, 5 

1 

( 7 ) 

('Wv <p —> Wv ip) 

CP, 6 


You will note that, except for a change in the order, the first six lines are 
exactly the same as those of the schematic proof of Example 2.8. Then a use 
of the Conditional Proof Rule gives us the formula (Wv <p —> Wv ip) at which 
we are aiming. 4 

In Example 2.9 we have used the following standard technique. If we want 
to derive an implication, say (6 —> y), from a certain set of assumptions, 
then we add 6 to these assumptions. We then try to derive y. If we succeed 
in doing this, then, by using the Conditional Proof Rule, we obtain a 
derivation of (6 —> y) from the remaining assumptions. 


See the solution to Problem 3.7 of 
Unit 4- 


We shall summarize some 
guidelines for finding formal proofs 
in Section 1 of Unit 6, after we 
have met all the quantifier rules. 
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Problem 2.7 _ 

Show that, for all formulas <p and ip, 
Vn (cp Szip) \~ (Vu tfi&Vvip) 


In the final problem of the section we ask you to show that the UI Rule 
would not be logically valid if the condition that the variable v has no free 
occurrences in any relevant assumptions is dropped. 

Problem 2.8 -- 

Give an example of formulas <p and (pi,<p 2 ,... ,<p k f° r which tp is a logical 
consequence of (p 1 , <p 2 ,..., (p k , for which the variable v occurs freely in at 
least one of the ^ (thus disobeying the condition in the UI Rule), and such 
that Mv 0 is not a logical consequence of <p 1 , <p 2 , ■ • • - 4>k- Hint: Try the 
formula v = 0 for (p. Can you think of a single formula <p 1: in which v occurs 
freely, for which this <p , but not Wv (p, is a logical consequence of <p x 2 


3 QUANTIFIER LOGIC: THE 
EXISTENTIAL QUANTIFIER 


In this section we shall look at the two rules for manipulating the existential 
quantifier. The first rule will tell us how to infer an existential formula , that 
is, one of the form 3v cp. The second rule will tell us how to make inferences 
from a statement of this form. 


Note that, in more advanced books 
on logic, the term existential 
formula is used to mean something 
stronger than one of the form cp. 


3.1 The Existential Quantifier Introduction Rule 

In informal mathematics the direct method for proving that there exists an 
object with a certain property is to exhibit a specific example of an object 
which has that property. Here is a simple case of such a proof. 

Theorem 

There exists a non-zero 2x2 matrix whose square is the zero matrix. 

Proof 

LetA =(_i _i) ThenA2 =(_ i i -i)(-i -ins o)' 

Thus A is a non-zero 2x2 matrix with A 2 the zero matrix. ■ 

The pattern of this argument gives us our formal rule for existential 
quantifier introduction. If we have a formula <p{r/v) which expresses the fact 
that a certain term r has a certain property, then we can deduce from it the 
formula 3v (p which expresses the fact that there is some object which has 
that property. Put the other way round, this says that to derive 3v <p, the 
direct method is to find a term r such that the formula (p(r/v), which results 
from (p when we substitute r for the free occurrences of v, may be derived. 
As with the Universal Quantifier Elimination Rule, we need to impose the 
restriction that r may be freely substituted for v in <p. 
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Thus we are led to the following rule. 


Definition 3.1 Existential Quantifier Introduction Rule (El) 

If t is a term which may be freely substituted for the variable v in the 
formula <j>, and the formula <j>(r/v) occurs on a line of a formal proof, 
then on any subsequent line we may introduce the formula 3v <j>, which 
will depend on the same assumptions as does 3(j/v). 


With the specified condition on the term r, the rule can be shown to be 
logically valid. It is easy to see that the rule is machine-checkable. 

Example 3.1 

We show that 

3y0" = (y + y) b 3z3yz = (y + y) 

1 (1) 3y 0" = (y + y) Ass 

1 (2) 3z3yz = (y + y) El, 1 

If we let <j) be the formula 3yz = (y + y) , then the formula on line 1 is 
3(0"/z) and that on line 2 is 3zcj). Since the term 0" may be freely 
substituted for z in 3, this is a legitimate use of the El Rule. The 
assumption in force on line 2 is the same as that on line 1. 4 

Example 3.2 

We show that 

Vx (a; + 0) = x b Vx 3y (x + y) = x 

1 (1) Vx(x + 0)=x Ass 

1 (2) (x + 0) = x UE, 1 

1 (3) 3y (x + y) = x El, 2 

1 (4) Vx 3y (x + y) = x UI, 3 

Note that we cannot use the El Rule to go directly from line 1 to line 4 since 
the El Rule allows us to introduce an existential quantifier only at the 
beginning of a formula. So we cannot immediately insert 3y in the middle of 
the formula on line 1. 

If we let 3 be the formula (x + y) = x, then the formula on line 2 is 3(0/y) 
and that on line 3 is 3y 3- ♦ 

Example 3.3 

We show that 

(0 + 0) = 0 h 3x (0 + x) = 0 

1 (1) (0 + 0) = 0 Ass 

1 (2) 3x (0 + x) = 0 El, 1 

Here if we let 3 be the formula (0 + x) = 0, then the formula on line 1 is 
3(0/x) and that on line 2 is 3x3■ ♦ 


It is worth noting that a term 
which contains no variables may be 
freely substituted for any free 
variable in any formula. 


Note that the assumption 
(0 + 0) = 0 can be used to derive 
several different formulas (see 
Problem 3.1(c) for example). 
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Problem 3.1 _ 

Show the following. 

(a) Vx (x + 0) = x F By Vx (x + y) = x 

(b) Vx (x • 0') = x b Vx By (x • y) — x 

(c) (0 + 0) = 0 b By (y + y) = 0 

(d) Vx (x + 0) = x h Bx (x + x) = x 


3.2 The Existential Hypothesis Rule 

The fourth rule of our formal system for handling the quantifiers is rather 
more subtle than the other three. By analogy with the rules for the 
universal quantifier, you might expect there to be some sort of existential 
quantifier elimination rule which would enable us to drop an initial Bv from 
the beginning of a formula. But deductions of this kind would not be valid. 
From the fact that there is some object with a given property we cannot 
deduce that any object has that property. So any rule that enabled us to 
derive (/>(t/v) from Bv (j) could not possibly be logically valid. 

To discover what the second existential quantifier rule should be, we need to 
consider how we make deductions from existential statements in informal 
mathematics. The example we have chosen to look at again comes from the 
theory of matrices. We shall begin by giving a simple proof, just as you 
might find in an algebra textbook. Then, in order to make the logical form 
of the argument clearer, we rewrite the proof using the logical symbols. 
Finally we shall extract from this the logical rule we are seeking. Here then 
is our theorem and proof. 

Theorem 

If the matrix A has an inverse, then det A ^ 0. 

Proof 

Suppose that B is the inverse of A. Then AB = I, where I is the identity 
matrix. Therefore det A x det B = det AB = det 1 = 1. Hence 
det A^0. 

Now let us symbolize ‘B is the inverse of A’ by ‘BinvA’. The theorem 
asserts that from 3B B inv A it follows that det A ^ 0. The proof, however, 
begins ‘Suppose that BinvA’, then, after some algebra, we reach the 
conclusion ‘Hence det A ^ O’. Thus, although the theorem asserts that 
det A^O follows from the assumption that 3B B inv A, in the proof we do 
not start from this assumption. Instead, the assumption with which we start 
the proof is B inv A. However, when we have managed to deduce from this 
that det A ^ 0, we claim that the proof has been completed, that is, that we 
have in fact shown that det A ^ 0 follows from the assumption 3B B inv A. 
The reason we can make this claim is that, in the course of the proof, we 
made no assumption about B other than that given by our assumption 
B inv A, and in the conclusion that we reach, that det A^0, there is no 
mention of B. So this conclusion really depends only on the assumption that 
there is some matrix B which is the inverse of A, that is, the conclusion 
really depends only on the assumption that 3B B inv A, which is what the 
theorem asserts. 


Recall that det A stands for the 
‘determinant of A’. 
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This example is typical of the way existential hypotheses are used in 
mathematical arguments. To deduce some conclusion from the assumption 
that there is some object v which satisfies the property expressed by <p, that 
is, from the assumption 3v <p, we assume that v is an object which has the 
property expressed by <j> and deduce the desired conclusion without making 
any further assumption about v. 

So the formal rule we are looking for needs to express the fact that if we can 
derive a formula ip, in which v has no free occurrences, from the assumption 
(p, and possibly also from other assumptions none of which contain any free 
occurrences of v, then we can also derive ip from the assumption 3v <p and 
the other assumptions. Thus we are led to the following rule. 


Definition 3.2 Existential Hypothesis Rule (EH) 

Let ip be a formula which contains no free occurrences of the variable 
v. If on a line of a formal proof we have derived ip from the 
assumption <p, which may contain free occurrences of v, and possibly 
from other assumptions, none of which contains free occurrences of v, 
then on any subsequent line we may introduce the formula ip, which 
will depend on 3v (p and the other assumptions, if any. 


With the specified restriction on free occurrences of v, the rule can be shown 
to be logically valid. It is easy to see that the rule is machine-checkable. 

Example 3.4 

We show that 

3yx = (y 1 + y') b 3zx = (z + z) 

1 (1) 3yx = (y' + y') Ass 

2 (2) x = (y' + y') Ass 

2 (3) 3z x = (z + z) El, 2 

1 (4) 3zx = (z-\-z) EH, 3 

Because we are trying to derive 3z x = (z + z) from the assumption 
3yx = (y' + y'), we write down this latter formula as an assumption on 
line 1. The EH Rule tells us that one way to derive 3zx = (z + z) from this 
assumption is to derive it from x = (y 1 + y') and then use the EH Rule. So 
we write down this formula as an assumption on line 2. We now think about 
how we could derive the desired conclusion 3zx = (z + z). The El Rule is 
an appropriate rule to use if we want to derive a formula that begins with an 
existential quantifier. We note that if ip is the formula x = (z + z), then 
x = W + >/) is the formula ip(y'/z). The El Rule entitles us to derive 3zip 
from ip(y'/z), and so, by using this rule on line 3, we can write the formula 
3z x = (z + z) depending on the same assumptions as line 2. The variable y 
does not occur freely in 3z x = (z + z) and hence it is legitimate to use the 
EH Rule. Applying this to line 3, the effect is to replace the assumption 
x = W + y ') by the assumption 3yx= (y' + y'). In this case there are no 
other assumptions to worry about. Hence we obtain line 4, which is what we 
have been aiming at. ^ 

Notice that in this example the formula which we have derived on line 4 is 
exactly the same as the formula on line 3. The difference is in the 
assumptions involved. Line 3 depends on the formula on line 2, but line 4 
has the formula on line 1 as its assumption. This is typical of the use of the 
Existential Hypothesis Rule. When we use it, its effect is only to change the 
assumption formulas which are in force. We said it was more subtle than the 
other rules! 




Notice also that, typically, in preparation for a use of this rule, we 
introduced both the formulas 3yx = (y 1 + ?/) and x = (y' + ?/) as 
assumptions. We didn’t make the corresponding move in the informal proof 
of the theorem with which we began this section, but we could have done 
this by beginning the proof ‘Assume that the matrix A has an inverse and 
suppose that B is the inverse of A’. Some people might say that this is 
stylistically preferably to our proof. 

Example 3.5 

We give a schematic proof to show that, for all formulas (p and 9, 

3v 4>, Vv (4> —* 9) h 3v 9 

Our standard first move will be to write down as assumptions the formulas 
3v <p, Vw (0 —> 0), as we are aiming to show that 3v9 can be derived from 
these assumptions. The EH Rule tells us that we will achieve this if we can 
derive 3v9 from the assumptions (p, Vu (<p 9). So we next introduce (p as 

an assumption. Another standard technique when we have an assumption, 
as here, of the form Vu {<p —> 9) is to use the UE Rule to drop the initial 
universal quantifier. Once we do this, we will have derived both (p and 
(<j) — > 9). The Tautology Rule then enables us to derive 9 , and we can then 
obtain the desired formula 3v 9 by use of the El Rule. Let us follow this 
strategy through. 


1 

(1) 

3 v(p 

Ass 

2 

(2) 

Vv (<p —> 9) 

Ass 

3 

(3) 

(f> 

Ass 

2 

(4) 

(0 9) 

UE, 2 

2,3 

(5) 

9 

Taut, 3,4 

2,3 

(6) 

3 v9 

El, 5 

1,2 

(7) 

3 v9 

EH, 6 


On line 6 we have derived the formula 3v 9 we are aiming at, but not from 
the required assumptions. So we use the EH Rule to change the 
assumptions, that is, the assumption <f> is replaced by the assumption 3v <p. 

Is this a correct use of the EH Rule? We need to check that the variable v 
has no free occurrences in the conclusion, 3u 9, nor in any of the 
assumptions, other than <p , on which this conclusion depends. Clearly, v has 
no free occurrences in 3v 9, as this formula begins with the quantifier 3v. 
Likewise, v has no free occurrences in the only assumption, other than <p. on 
which 3v9 depends on line (6), as this other assumption is Vu (<p —► 9). So 
our use of the EH Rule on line 7 is legitimate. ♦ 

Problem 3.2 - 

Show that 

3x (y r • y') =x' \-3x {y' • y') = x 


Problem 3.3 - 

Show that, for all formulas <p and ip, 

3u (cp & ip) h (3u (p Sz 3vip) 

Hint. Follow the strategy of Example 3.5 to derive 3v<p and 3 vtp separately 
from ((p & ip). Then use the Tautology Rule and the EH Rule to complete 
the proof. 
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We have explained why the Existential Hypothesis Rule contains the 
following two requirements: 

(a) the variable v has no free occurrences in the formula ip] 

(b) the variable v has no free occurrences in any assumption, other than <p, 
on which ip depends. 

It is instructive to give examples of what can go wrong when either of these 
requirements fails to hold. We emphasize that the following are not correct 
formal proofs. 


1 

(1) 

3v v = 0 7 Ass 


Warning! This is not a correct 

2 

(2) 

v — O' Ass 


proof! 

1 

(3) 

v = 0' EH, 2 



1 

(4) 

Vuv = 0 7 UI, 3 



1 

(1) 

3vv — 0 

Ass 

Warning! This is not a correct 

2 

(2) 

3vv = O' 

Ass 

proof! 

3 

(3) 

v — 0 

Ass 


4 

(4) 

v = 0' 

Ass 


3,4 

(5) 

(v = 0 & v = 0 7 ) 

Taut, 3,4 


3,4 

(6) 

(w = 0 & v = 0 7 ) 

El, 5 


2,3 

(7) 

(v = 0 & v = 0 7 ) 

EH, 6 


1,2 

(8) 

3v (v = 0 & v = O') 

EH, 7 



The formula 3v v = 0' is true in the standard interpretation ./K, but 

W v — 0' is false in this interpretation. So the formula V?; v = 0' is not a 

logical consequence of 3vv = O'. Hence, example (a), which purports to be a 

formal proof of Vvv = 0 7 from the assumption 3vv — 0 7 , must have an error 

in it. Similarly, example (b) purports to be a formal proof of 

3v{v = 0 kv = O') from the assumptions 3vv — 0 and 3vv — 0 7 . These 

assumptions are true in JV but the conclusion is false. Thus 

(v = 0 L v = O') is not a logical consequence of the formulas v = 0, 
3vv = 0 7 . It follows that there must be an error in the purported proof. 

Problem 3.4 __ 

Find the errors in each of the above examples. If the Existential Hypothesis 
Rule has been used inappropriately, specify which requirement of this rule 
fails to hold. 


In contrast, the following example is a schematic proof in which the 
Existential Hypothesis Rule is used correctly. 
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Example 3.6 

We show that, for all formulas <p, 

3u3v <p b 3v 3u <p 

If we can derive 3v 3u <j> from the assumption 3v <p, then we can use the EH 
Rule to derive it from the assumption 3u 3v (p. Likewise, we can use the EH 
Rule to derive 3v 3u <p from the assumption 3v <p if we can derive it from the 
assumption <p. The El Rule enables us to derive 3v 3v <p from <p. Thus we 
arrive at the following schematic proof. 


1 

(1) 

Bit 3v <p 

Ass 

2 

(2) 

3v(p 

Ass 

3 

(3) 

<t> 

Ass 

3 

(4) 

3ucp 

El, 3 

3 

(5) 

3v 3u<p 

El, 4 

2 

(6) 

3u 3ucp 

EH, 5 

1 

(7) 

3u 3it (p 

EH, 6 


Since neither of the variables u and v can have any free occurrences in the 
formula 3v 3u <p, our uses of the EH Rule on lines 6 and 7 are correct. ♦ 

Problem 3.5 --- 

Show that, for all formulas <j> and ip, 

3v ( <j> V ip), Vu -1 <p b 3vip 


Here is an example of a schematic proof which uses each quantifier rule once. 

Example 3.7 

For each formula <p, 

3uWv<p b Vu3 ucp 


1 

(1) 

3uMvcp 

Ass 

2 

(2) 

\/v<p 

Ass 

2 

(3) 

(p 

UE, 2 

2 

(4) 

3 ucp 

El, 3 

2 

(5) 

Mv3ucp 

UI, 4 

1 

(6) 

Mv 3u cp 

EH, 5 


You should check that this is a correct schematic proof. In particular check 
that, when we have used the UI Rule on line 5 and the EH Rule on line 6, 
the requirements of these rules in relation to free occurrences of variables are 
satisfied. ♦ 

You have now met and used seven of the nine rules of proof. You may have 
found it difficult to see how to use some of these rules, particularly the 
Tautology Rule, in constructing formal proofs. To help you with this, the 
problem of finding formal proofs is discussed in Unit 6, where you will also 
be introduced to the final two rules of proof. 
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SUMMARY 


We began by giving a precise account of what we mean by a formal proof. 
This was based on a look at what informal proofs in everyday mathematics 
are like. We said that a formal proof must be both logically valid and 
checkable by a machine. 

We specified that a formal proof should consist of a finite sequence of 
formulas, and that each step must be justified by one of our rules of proof. 
This led us to set out a formal proof in lines, with one formula on each line. 
The lines are numbered for ease of reference, and each line is annotated on 
the right to indicate the rule of proof which has been used and, where 
appropriate, the earlier line or lines to which the rule has been applied. 

We saw that both informal and formal proofs involve drawing conclusions 
from assumptions and that it is important to keep track of which 
assumptions each line of a proof depends on. Each rule of proof includes a 
specification of which assumptions the conclusion depends on. We annotate 
proofs by listing, on the left of each line number, the numbers of the 
formulas which are used as assumptions in deriving that line. 

Having described the general structure of a formal proof, we began to 
describe the rules of proof that we use. 

The Assumption Rule is used to introduce assumptions into formal proofs. 
The main rule for handling arguments involving the connectives is the 
powerful Tautology Rule. When it comes to finding formal proofs, the use of 
this rule depends on being able to spot appropriate tautologies. The 
Conditional Proof Rule is useful when the formula we are trying to derive is 
an implication. 

We came next to the rules for handling the quantifiers. We needed to make 
an important distinction between free and bound occurrences of variables in 
formulas. We saw that, from the formation rules described in Unit 4, it is 
not difficult to obtain an algorithm for deciding which occurrences of 
variables in formulas are free and which are bound. 

Our rules for the quantifiers all involve restrictions which depend on whether 
certain variables have free occurrences in the formulas we are using. We saw 
that without these restrictions the rules would not be logically valid. We 
have two rules for each quantifier. For the universal quantifier we have both 
an Introduction and an Elimination Rule. We also have an Introduction 
Rule for the existential quantifier, but the second rule for this quantifier, the 
Existential Hypothesis Rule is rather more subtle. When we apply this rule 
to a particular line of a formal proof, the formula on the line is unchanged, 
but one of the assumptions on which it depends is changed by the prefixing 
of an existential quantifier. 

We have not yet completed listing all the rules of proof of our formal system. 
We do this in the next unit where we introduce two rules de aling with the 
identity symbol. We also address the practical problem of finding formal 
proofs, and offer some guidelines to help with this task. Unit 6 ends with a 
discussion of how we augment the formal system by adding axioms to 
describe properties of natural numbers, which is the ultimate focus of our 
attention. 




OBJECTIVES 

We list those topics on which we may set assessment questions to test your 

understanding of this unit. 

After working through the unit you should be able to: 

(a) understand the meaning and use of each of the rules Ass, Taut and CP; 

(b) determine whether the occurrences of variables in formulas are free or 
bound; 

(c) determine whether or not a given term may be freely substituted for a 
given variable in a given formula; 

(d) understand the meaning and use of each of the rules UE, UI, El and EH 
and why there are restrictions on the variables and terms they involve; 

(e) check a purported formal proof to see whether the uses of the seven 
rules Ass, Taut, CP, UE, UI, El and EH are legitimate; 

(f) add the correct assumption numbers to the lines of a formal proof from 
which they are missing; 

(g) construct simple formal proofs using the rules listed in (e). 
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ADDITIONAL EXERCISES 


Most of these exercises provide further practice, should you feel you need it, 
in handling the main ideas in the unit on which you are likely to be assessed 

There are a few harder problems, labelled as such in the margin. These are 
harder than any of the problems you are likely to encounter in the 
assessment and are included solely as challenges for the interested student. 


Section 1 

1 The following is a correct schematic proof from which the assumption 
numbers have been omitted. 


(1) 


Ass 

(2) 

—itp 

Ass 

(3) 

(~>(p & -up) 

Taut, 1,2 

(4) 

{<pv ip) 

Ass 

(5) 

~'(-<<p & ~'ip) 

Taut, 4 

(6) 

((-'<P & - , ip) & & _, V0) 

Taut, 3,5 

(7) 

(-'ip —> ((-'<P & -'ip) & - , (-'4> & ~ , V0)) 

CP, 6 

(8) 

ip 

Taut, 7 

(9) 

((<p Vip)->tp) 

CP, 8 


(a) What are the assumptions in force on each line? 

(b) What tautologies are being used on lines 3, 5 and 8? 

(c) Show that the formulas used to obtain lines 5 and 8 are indeed 
tautologies. 

2 Find all the mistakes in the following ‘schematic proof’; when 

investigating a particular line, find the errors on that line, if any, under 
the assumption that all the previous lines are correct. 


1 

(1) 

(cpV ip) 

Taut 

Warning! This is not a correct 

1 

(2) 

(<P&i >) 

Taut, 1 

proof! 

2 

(3) 

(P 

Taut, 2 


1 

(4) 

tp 

Taut, 1,2 



(5) 

(ip->(<pV ip)) 

CP, 4 


1 

(6) 

(4> v ip) 

Taut, 4,5 



3 Determine a schematic proof of 

((<£ -*■ VO -* -*■ -></>)) 

which depends on no assumptions. 

4 Prove that if <p is a formula which is a tautology, then there is a formal Harder problem 
proof of <p which depends on no assumptions. Hints: Suppose <p is a 

tautology. Knowing nothing else about <p, the only hope of deriving it 
would seem to be a use of the Tautology Rule. This means finding a 
formula 9 such that (9 —► (f>) is a tautology, where we have previously 
derived 9. The Tautology Rule could then be used to derive <j> 
depending on the same assumptions as 9. Since we want to derive (p 
from no assumptions at all, we need to find a formula 9 that can be 
derived from no assumptions. Can you find such a 9 for which (9 —> <p) 
is a tautology? 
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Section 2 


1 For each of the following formulas, determine which occurrences of 
variables are free and which are bound. 

(a) Vy (3 1 (y + x) = t -* x' = (t • z)) 

(b) Vt 3x (Vj/x = y —► 3zz' = (t • x)) 

(c) (Vx 3 1 x' = t' V 3y (x + y) — t) 

2 For each of the formulas in the preceding question, write down the 
result of substituting the term (x • t ) for each free occurrence of x in the 
formula. In which of the formulas may this term be freely substituted 
for x? 

3 Show that 

Vx Vy (x + y) = (y + x) b Vx (x + 0) = (0 + x) 

4 Show that, for all formulas 0 and ip, 

Wv (</>—> ip) h (0 —> Vu ip) 

provided that the variable v does not occur freely in <p. For which 
step(s) of your argument do you need the condition that v does not 
occur freely in <j>? 

5 Show that, for all formulas <p, ip and 9, 

Vv (<p —> ip),Vv (ip —> 9) b Vu (<p —► 9) 


Section 3 

2 Show that, for all formulas cp and ip, 

Vw {<p — » VO I - (3v cp ip) 

provided that the variable v does not occur freely in ip. For which 
step(s) of your argument do you need the condition that v does not 
occur freely in ip ? 

2 The following correct schematic proof is incomplete because the 
assumption numbers are missing. Fill in these numbers. 


(1) 

Vw (9 


ip) 

Ass 

(2) 

(*-» 

iP) 


UE, 1 

(3) 

3 v9 



Ass 

(4) 

(*-> 

(0 

^)) 

Taut, 2 

(5) 

9 



Ass 

(6) 

(0-+ 

iP) 


Taut, 4,5 

(7) 

3v (9 


iP) 

El, 6 

(8) 

3v (9 


ip) 

EH, 7 

(9) 

(3 v9 

-> 

3 v(9^iP)) 

CP, 8 
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3 Find the mistake(s) in the following ‘schematic proof’ that, for all 
formulas <p and ip, 

cp,3vip\- (c p & ip) 


1 

(1) 

3vcp 

Ass 

Warning! This is not a correct 

2 

(2) 

3 vip 

Ass 

proof! 

3 

(3) 

<t> 

Ass 


4 

(4) 

ip 

Ass 


3,4 

(5) 

{<p & ip) 

Taut, 3,4 


3,4 

(6) 

3v {cp & ip) 

El, 5 


1,4 

(7) 

(<p & ip) 

EH, 6 


1,2 

(8) 

3v (<p & ip) 

EH, 7 



4 Show that 

3xx = 0\~3yy = 0 

5 The Existential Hypothesis Rule is stated as follows. 

Let ip be a formula which contains no free occurrences of the 
variable v. If on a line of a formal proof we have derived ip from the 
assumption <p , which may contain free occurrences of v, and possibly 
from other assumptions, none of which contains free occurrences 
of v, then on any subsequent line we may introduce the formula ip, 
which will depend on 3v <p and the other assumptions, if any. 

Give an example to show that the rule would not be logically valid if 
the condition that ip contains no free occurrences of v is omitted. This 
means finding a formula ip containing free occurrences of v, a formula (p 
which may contain free occurrences of v and possibly formulas 
(p l ,p 2 ,... ,(p k in which v does not occur freely such that ip is a logical 
consequence of (p and <p x , <p 2 ,..., <p k , but with ip not a logical 
consequence of 3v (p and <p lf (p 2 , ■.., (p k . Hint : The discussion following 
Problem 3.3 should help. 

6 The Existential Quantifier Introduction Rule is stated as follows. Harder problem 

If r is a term which may be freely substituted for the variable v in 
the formula (p, and the formula <P(t/v) occurs on a line of a formal 
proof, then on any subsequent line we may introduce the formula 
3vcp , which will depend on the same assumptions as does <p(r/v). 

Give an example to show that the rule would not be logically valid if 
the condition that the term r may be freely substituted for the variable 
v in the formula <p is omitted. This means finding a formula <p, a term r 
not freely substitutable for v in (p and possibly formulas <p 1 , <p 2 ,..., <p k 
such that <P(t/v ), but not Eh; <p, is a logical consequence of cp 1 ,<p 2 ,... ,<p k . 
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SOLUTIONS TO THE PROBLEMS 


Solution 1.1 

(a) (i) The schematic proof with the assumption numbers added is as 
follows. 


1 

(1) 

ip 

Ass 

2 

(2) 

<P 

Ass 

1 

(3) 

((p\J ip) 

Taut, 1 

1,2 

(4) 

(<p&ip) 

Taut, 1,2 

1,2 

(5) 

((</> V ip) k. (<pkip)) 

Taut, 3,4 

2 

(6) 

(ip-> ((<pVip)k(<pkip))) 

CP, 5 


(ii) The tautologies which have been used are as follows. 

line 3: (ip —> (<p V ip)) 
line 4: ((ip k (p) —> (cp k ip)) 

line 5: (((<p V ip)k(<pk ip)) —+ ((<p V ip) k (<p k ip))) 

(b) (i) The schematic proof with the assumption numbers added is as 
follows. 


1 

(1) 

(<P vx) 

Ass 

2 

(2) 

-‘X 

Ass 

1,2 

(3) 

<p 

Taut, 1,2 

4 

(4) 

Ip 

Ass 

1,2,4 

(5) 

(<pkip) 

Taut, 3,4 

1,4 

(6) 

hx -*• ((pkip)) 

CP, 5 

1,4 

(7) 

(x V (<p & Ip)) 

Taut, 6 

1 

(8) 

(ip (x V (<p & Ip))) CP, 7 


(ii) The tautologies which have been used are as follows. 

line 3: (((< p V x) & ->x) -> <P) 

line 5: ((<p k ip) —> (<p k ip)) 

line 7: ((-'X (4> k VO) -> (X V (cp k ip))) 

Solution 1.2 

(a) One possible schematic proof is as follows. 

1 (1) (p Ass 

2 (2) -up Ass 

1,2 (3) -<</>-► VO Taut, 1,2 

(b) All that we need to do is to append to the above schematic proof two 
lines on which we use the Conditional Proof Rule, as follows. 

1 (4) (-up -> -i(<p -* ip)) CP, 3 

(5) (<p -> (-i ip -* -i(<p -*• ip))) CP, 4 
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Solutions to the Problems 


Solution 1.3 


(a) 

1 

(1) 

<P 


Ass 



2 

(2) 

{<t> -► ip) 


Ass 



1,2 

(3) 

ip 


Taut, 1,2 



1 

(4) 

((<A -*ip)^i>) 


CP, 3 




(5) 

0 <P -» {{<P -*ip)~* 

V’)) 

CP, 4 


(b) 

1 

(1) 

(~y(p -> -Mp) 



Ass 


2 

(2) 

(-r(p -> Ip) 



Ass 


1,2 

(3) 

<P 



Taut, 1,2 


1 

(4) 

T 

T 



CP, 3 



(5) 

T 

T 

r 

T 

• ip) -* </>)) 

CP, 4 


The same strategy has been used in both parts (a) and (b). 

In part (a) we are aiming to show that we can derive the formula 
(<P — ♦ {{<P -* ip) —* VO) depending on no assumptions. Since this formula is 
an implication, a use of the Conditional Proof Rule suggests itself: if we can 
derive ((<p —► ip) —► ip) depending on the assumption <p, then using 
Conditional Proof Rule it follows that (<p —> ((o —- ip) —+ ip )) can be derived 
depending on no assumptions. Since ((ep -> ip) -> ip) is also an implication, 
another use of the Conditional Proof Rule indicates itself: if we show that 
the formula ip can be derived from the assumptions <p and (</>—► ip), then by 
Conditional Proof Rule ((<p —> ip) —> ip) can be derived from the assumption 
(p. We can derive ip from the assumptions (p and (<f> —> ip) in one step using 
the Tautology Rule provided that the formula 

{{(pk{(p -> ip)) -> ip) 

is a tautology. Using a truth table, it is easy to check that this is so. 

Essentially the same strategy is used in part (b). The use of the Tautology 
Rule on line 3 is correct provided that the formula 

(((-.<£ -4 -Tip) & (-,(/) iP)) -> (P) 

is a tautology. Again, using a truth table, it is easily checked that this is so. 

Solution 2.1 

In each case we have underlined the bound occurrences of variables. The 
given formula is a sentence if all the variables in it are underlined, that is, if 
all the occurrences of variables are bound occurrences. 

(a) Vx 3y -i x = y. This is a sentence. 

(b) ((x = y\J 3t (x + t) = y) V 3 1 (y + t) — x). This is not a sentence. 

(c) (3 z(z-x) = y Vy(3z(z-y) = x ->■ ~>3i (x • x) =y)). This is not a 

sentence. 

(d) 3x (x = y V -i x — y). This is not a sentence. 

(e) {3xx — y V ->x = y). This is not a sentence. 


Notice the effect of the different 
arrangement of the brackets in (d) 
and (e). 
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Solutions to the Problems 

Solution 2.2 

(a) 3y (yy) = ((z" + 0) • (( 2 " + 0) + y)) 

(b) Here only the final occurrence of x is a free occurrence, and hence we 
only replace this occurrence of a; by O'. Thus we obtain 

(3x (x-x) = ykO' = (z + y)) 

(c) Here there are no free occurrences of x and hence (/>(t/v) is the same as 
(\!>, that is 

3x ((x • x) = y k x = (z + y)) 

(d) 3x ((a; • x) = O' k x — (z + 0')) 

(e) 3yy = {y' + y') 

(f) 3x (x + x) = (x • x) 

(g) Since r is the same as v. <P(t/v) is the same as <j>, that is 

3a; (z + x) = (z • x) 

Solution 2.3 

(a) The term (z" ■ y) may be freely substituted for x in the given formula <j>. 
Here 4>(t/v) is 

(32 z = y' k3t(t-t) = (z" ■ y)) 

and the occurrences of the variables y and 2 in r give rise to free 
occurrences in <j>( t/v). 

(b) The term (z" • y) may not be freely substituted for x in <j>. Here (j>(r/v) 
is 

3^ (z = y l k 3 1 (t't) = 2 " • y)) 

where the bound occurrences of variables have been underlined. The 
variable 2 in r becomes bound in (P(t/v). 

(c) The term (y + x) may be freely substituted for y in (f>. Here <j>(r/v ) is 

(Va; 32 x = (2 + 2 ) —> 3t (t + 1) = (( y + a;) + 2 )) 

and the occurrences of x and y in r give rise to free occurrences of these 
variables in 4>(t/v). 

(d) There are no free occurrences of y in <f>, so 4>{t/v) is identical to (f> and, 
in a vacuous way, none of the variables in r becomes bound when we 
replace the free occurrences of y in <f> by r. Thus r may be freely 
substituted for y in <j>. 

(e) The term r can be freely substituted for x in <fi. Since r is the same as x, 
<I>(t/v) is the same as <p and no problem arises. 


Solution 2.4 



1 

(1) 

Va;Vy (a; + y) = (y - fix) 

Ass 

1 

(2) 

Va/ (o' + y) = (y + o') 

UE, 1 

1 

(3) 

(O' + 0 ") = ( 0 " + o') 

UE, 2 
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Solutions to the Problems 


Solution 2.5 

The formula Vx 3y -i x = y can be regarded as being Vx <j>, where <f> is the 
formula 3y -< x — y. The formula 3y -> r = y is then (p(rjx). 

To see that the answer to the question posed is ‘no’, we need to find a 
term r that is not freely substitutable for x in <p. The simplest example is to 
take r to be the variable y. Thanks to the By, this term cannot be freely 
substituted for x in 3y-<x = y. 


Any interpretation with a domain 
containing at least two elements 
will do. 

Solution 2.6 

1 (1) VxVy'iz((x + y)'z) = ((x-z) + (yz)) Ass 
1 (2) VyVz((x + y)-z) = ((x-z) + (yz)) UE, 1 

1 (3) Vz((x + x) • z) = ((x • z) + (a; • z)) UE,2 

1 (4) ((x + x) • x) = ((x • x) + (x • x)) UE, 3 

1 (5) Vx((x + x) -x) = ((x • x) + (x • x)) UI, 4 

In each case where we use the UE Rule to replace a formula of the form Vv (p 
by 4>(t/v), the term r is just the variable x itself. 

Solution 2.7 

We first derive Vv <p and Vv ip separately and then use the Tautology Rule to 
obtain (Vv <p & Vv ip). In deriving Vv <p, we first derive <p and then apply the 
UI Rule. We then use the same strategy to derive Vv ip. 

1 (1) Vv(cpkip) Ass 

1 (2) {(pkip) UE, 1 

1 (3) <p Taut, 2 

1 (4) Vvip UI, 3 

1 (5) ip Taut, 2 

1 (6) Vvip UI, 5 

1 (7) (Vv <p kMvip) Taut, 4,6 

Solution 2.8 

Let cp be the formula v = 0, as suggested in the hint. Let <p 1 be the same 
formula, so v occurs freely in <p x . Then trivially 0 is a logical consequence of 
(p x . But we can show that Vv cp is not a logical consequence of <p x . For 

instance, take the standard interpretation JV and give v the value 0 from Any interpretation with a domain 
the domain N. Then the formula v = 0 is true, but Vvv = 0 is false, as it is containing at least two elements 
not the case that all numbers v are equal to 0. do. 


With this choice for r, we now need to show that 3y^y = y is not a logical 
consequence of Vx3y-<x = y. This means giving an interpretation in which 
Vx 3y -i x = y is true and 3y y = y is false. We shall take the standard 
interpretation xV with domain N. In this interpretation Vx 3y -> x = y is true 
as for any natural number x there is always a number y to which it is not 
equal, while 3y y = y is false as there is no number not equal to itself. 
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Solutions to the Problems 


Solution 3.1 

(a) If we let <p be the formula Vx (x + y) = x, then 0(0 /y) is Va: (x + 0) = x 
and from 0(0 /y) we can derive 3 yep. So we have the following formal 
proof. 



1 (1) 

Va; (x + 0) = x 

Ass 


1 (2) 

3 y\/x(x + y) = 

x El, 1 

(b) 

1 (1) 

Va: ( x • O') = x 

Ass 


1 (2) 

(x • O') = x 

UE, 1 


1 (3) 

3 y{x-y) =x 

El, 2 


1 (4) 

Va; 3y (x • y) = x 

UI, 3 

(c) 

1 (1) 

(0 + 0) = 0 

Ass 


1 (2) 

3y(y + y) = 0 

El, 1 

(d) 

1 (1) 

Va; (x + 0) = x 

Ass 


1 (2) 

(0 + 0) = 0 

UE, 1 


1 (3) 

3a; (x + x) = x 

El, 2 


If we let <j) be the formula (x + 0) = x and ip be the formula 
{x -\- x) = x, then the formula on line 1 is V.x (p and we use the UE Rule 
to derive <p(0/x) on line 2. But this formula is also ip( 0/x) and so we 
use the El Rule to derive 3 xip on line 3. 

Solution 3.2 


1 

(1) 

3x ( y' ■ 

V') = 

Ass 

2 

(2) 

W • y') 

= x' 

Ass 

2 

(3) 

3x {y' ■ 

y') = x 

El, 2 

1 

(4) 

3x ( y' ■ 

y') =x 

EH, 3 


If (p is the formula (y' • y') = x, then the formula {y 1 • y') = x' which appears 
on line 2 is <p{x' /x). Hence the use of the El Rule to derive 3 xcp is 
legitimate. Since the variable x does not occur freely in 3x </>, the use of the 
EH rule on line 4 is also legitimate. 

Solution 3.3 


1 

(1) 

LU 

ce 

iP) 

Ass 

2 

(2) 

(cpbip) 


Ass 

2 

(3) 

(p 


Taut, 2 

2 

(4) 

3v (p 


El, 3 

2 

(5) 

ip 


Taut, 2 

2 

(6) 

3 vip 


El, 5 

2 

(7) 

(3u <p & 

3n ip) 

Taut, 4,6 

1 

(8) 

(3 vcpk. 

3v ip) 

EH, 7 


Solution 3.4 

(a) The error occurs on line 3. The use of the EH Rule on this line is not 
valid because the variable v has a free occurrence in the formula on line 2 
to which the rule has been applied. Thus, in the terms of the discussion 
preceding the problem, requirement (a) of the EH rule does not hold. 

(b) The error occurs on line 7. The use of the EH Rule on this line is not 
correct because the variable v occurs freely in the formula v = 0, that is, 
the formula on line 3, which is used as an assumption on both lines 6 
and 7. So requirement (b) does not hold. 

Note that the use of the EH Rule on line 8 is valid as the variable v 
does not occur freely in the formula on line 2, that is 3vv = O', which is 
used as an assumption on both lines 7 and 8. However, a single 
illegitimate use of a rule is enough to invalidate the entire formal proof. 
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Solution 3.5 


1 

(1) 

3u (cp V ip) 

Ass 

2 

(2) 

Vv -Kp 

Ass 

3 

(3) 

(0 V ip) 

Ass 

2 

(4) 

—■0 

UE, 2 

2,3 

(5) 

iP 

Taut, 3,4 

2,3 

(6) 

3 vip 

El, 5 

1,2 

(7) 

3w ip 

EH, 6 


The strategy used to find this schematic proof follows ideas used in earlier 
examples. We begin by writing down as assumptions the two formulas from 
which we are aiming to derive 3u ip. Experience with the EH Rule tells us 
that to derive a formula from the assumption 3v (cp V ip) it would be a good 
move to derive it from (cp V ip). So we introduce this formula as an 
assumption on line 3. Experience also tells us that with an assumption such 
as V?; -i <p it would probably be helpful to use the UE Rule to drop the 
universal quantifier, and we have done this on line 4. 

We now turn our attention to our ultimate aim of deriving the formula 3w ip. 
We know that if we can derive ip then we can obtain 3v ip by using the El 
Rule. So we look to see if we can derive ip from the formulas (cp V ip) and -><p 
on lines 3 and 4. We can achieve this by a single use of the Tautology Rule 
provided that the formula (((cp V ip) k -i<p) -+ ip) is a tautology. A truth 
table shows that it is a tautology and this gives us line 5. Using what should 
by now be familiar applications of the El and EH Rules, we then get the 
desired conclusion 3v ip depending on the desired assumptions on line 7. 


SOLUTIONS TO ADDITIONAL 
EXERCISES 


Section 1 


(a) 1 

(1) 

-'(p 


Ass 

2 

(2) 

—up 


Ass 

1,2 

(3) 

(~<ip & -up) 


Taut, 1,2 

4 

(4) 

(<p\/ip) 


Ass 

4 

(5) 

—>(—'0 & ~i1p) 


Taut, 4 

1,2,4 

(6) 

((—i(p & —iip) & —i(—i(p & 

-HP)) 

Taut, 3,5 

1,4 

(7) 

(-lip — > ((-!<p & -lip) & ' 

i(-np k-up))) 

CP, 6 

1,4 

(8) 

iP 


Taut, 7 

1 

(9) 

((ip Vip)-up) 


CP, 8 

(b) line 3: ((-> 

<p & - 

up) — > (~Kp & -up)) 




line 5: ((cp V ip) —► ->(-«p k -up)) 

line 8: ((-> ip —> ((~i<p k -up) k ~'(~ i cp k -> ip ))) —> ip) 





(c) Truth tables must be provided. 


(0 

V 

Ip) 

-» 

—1 


<p 

& 

—1 

VO) 

1 

1 

1 

1 

1 

0 

1 

0 

0 

1 

1 

1 

0 

1 

1 

0 

1 

0 

1 

0 

0 

1 

1 

1 

1 

1 

0 

0 

0 

1 

0 

0 

0 

1 

0 

1 

0 

1 

1 

0 


t 

tautology 


((- 

Ip 

- 

((- 

<p 

& 

—1 

Ip) 

& 

“I 


<p 

& 

—1 

m 

- 

Ip) 

0 

1 

1 

0 

1 

0 

0 

1 

0 

1 

0 

1 

0 

0 

1 

1 

1 

1 

0 

0 

0 

1 

0 

1 

0 

0 

1 

0 

1 

0 

1 

0 

1 

0 

0 

1 

1 

1 

0 

0 

0 

1 

0 

1 

1 

0 

0 

0 

1 

1 

1 

1 

0 

0 

1 

0 

1 

1 

0 

0 

0 

1 

0 

1 

1 

0 

1 

0 


T 

tautology 


2 Line 1: With the rules introduced so far, the first line of a proof can 
only be obtained by an application of Assumption Rule; to correct the 
line, replace ‘Taut’ by ‘Ass’. 

Line 2: This is an incorrect use of the Tautology Rule, as 
((cp V ip) —► (<p & V’)) is not a tautology. 

Line 3: A tautology has been used but, for a correct use of the 
Tautology Rule, the assumptions in force on line 3 should be those in 
force on line 2, namely assumption 1. 

Line 4: This line is correct. 

Line 5: The wrong formula has been derived. The formula on line 4 
should appear as the consequent of the implication (i.e. after the —> 
symbol) on line 5, and the formula on line 1 should appear as the 
antecedent (i.e. before the —> symbol). The correct formula derived by 
the Conditional Proof Rule is ((cp V ip) —*■ ip). 

Line 6: This line is correct. 

3 There are many correct proofs. We give two examples. 

Prom the pattern of what is to be proved, and in particular the position 
of some of the occurrences of —we see that if we can prove (-> ip — > ~«p) 
from the assumption (<p — > ip), then a use of the Conditional Proof Rule 
will give a proof of (( (p —> ip) —> (-up — ► ~Kp)), as follows. 

1 (1) (<p —> ip) Ass 

1 (2) (~i <ip — » —i<(p) Taut, 1 

(3) ((<£^ VO-HZ’--<£)) CP, 2 
The tautology used to obtain line 2 is ((<p —* ip) —*► (-up —> -«P))- 

Equally, a proof of -■ (p from the assumptions ( <p —* ip) and -up can be 
turned into a proof of (( <p —> ip) —> (~<ip —> ~<(p)) by two uses of the 
Conditional Proof Rule, as follows. 

1 (1) (<p —> ip) Ass 

2 (2) -up Ass 

1,2 (3) Taut, 1,2 

1 (4) (— , ip—*—'<P) CP, 3 

(5) ((<p ip) -> (-up -+ -Kp)) CP, 4 

The tautology used to obtain line 3 is (((cp —> ip) & -up) —► ~Kp). 
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4 We note first that if q> is a tautology then, for each formula 9 , the 

formula (9 —> <fi) is also a tautology. For suppose 0 is a tautology. Then, 
on each row of the truth table for (9 — <f>), <j> gets the value 1. We see 
from the truth table for —> that it follows that (9 —> </>) also gets the 
value 1 on each row, and hence it is a tautology. 

It follows that, if <f> is a tautology, we can use the Tautology Rule to 
derive <p from 9, whichever formula we choose for 9. If 9 can be derived 
using no assumptions, then in this way we get a derivation of <j> using 
no assumptions. Thus we can use for 9 any formula which can be 
derived using no assumptions. 

The following is a simple schematic proof that makes use of this idea. 

1 (1) (j> Ass 

(2) (0-0) CP, 1 

(3) 0 Taut, 2 

The formula (0 — 0) plays the role of 9 in the above discussion. 


Section 2 

1 (a) Vy (3t (y + x) = t — x' = (f • z)) 

The bound occurrences of variables are underlined. 

(b) All the occurrences of variables are bound. Thus the formula is a 
sentence. 

(c) (Vx 3tx' — t' V 3y (x + y) = t) 

Again we have underlined the bound occurrences of the variables. 

2 (a) The formula that results from substituting the term (x • t ) for the 

free occurrences of x is 

Vj/ (3t (y + (x • t)) = t — (x • t)' = (t • z)) 

T 

bound 

The term may not be freely substituted for a; as a new bound 
variable is introduced. 

(b) As there are no free occurrences of x, the formula is unchanged. 
Thus the term may be freely substituted. 

(c) The formula that results from substituting the term (x • t) for the 
free occurrences of x is 



(Va; 

3tx' = t' V 3y((x -t) + y) 

= t). 

The term 

may be freely substituted for x. 

1 

(1) 

VxVy(x + y) = (y + x) 

Ass 

1 

(2) 

Vy {x + y) = (y + x) 

UE, 1 

1 

(3) 

{x + 0) = (0 + *) 

UE, 2 

1 

(4) 

Vx (x + 0) = (0 4- x) 

UI, 3 


Note that we cannot use the UE Rule to go directly from line 1 to 
line 4, since the UE Rule enables us only to eliminate a universal 
quantifier that occurs at the beginning of a formula. So we cannot 
immediately eliminate the quantifier Vy from the formula on line 1. 


See the solution to Problem 2.3(d). 
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4 


1 (1) Vu (4> —> VO Ass 
1 (2) (V>-+VO UE, 1 
3 (3) 0 Ass 

1,3 (4) ip Taut, 2,3 

1,3 (5) VuV; UI, 4 

1 (6) (0 —> Vv ■0) CP, 5 

Thus 

Vu (0 —*■ 0) H (0 —>■ Vu V’) 

provided the variable v does not occur freely in <p. 

The condition that v does not occur freely in <j> is needed to derive 
line 5, because the application of the UI Rule to the formula on line 4 
requires that v does not occur freely in any of the assumptions in force 
on line 4, and (p is one of these. 

5 1 (1) Vu (</> —> VO Ass 

2 (2) Vu (ip —» 6) Ass 

1 (3) (0->VO UE, 1 

2 (4) (ip-*0) UE, 2 

1,2 (5) {<p —> 6) Taut, 3,4 

1,2 (6) Vu(0— >6) UI, 5 


Section 3 


1 

(1) 

Vv (<p —> ip) 

Ass 

2 

(2) 

3 vcp 

Ass 

3 

(3) 

<P 

Ass 

1 

(4) 

{(P -*• VO 

UE, 1 

1,3 

(5) 

v> 

Taut, 3,4 

1,2 

(6) 

v> 

EH, 5 


1 (7) (3v(p-*rp) CP, 6 

The condition that v does not occur freely in ip (the formula on line 5) 
is needed to justify the use of the EH Rule to obtain line 6. 


1 

(1) 

Vv (6 

-*• 

V») 

Ass 

1 

(2) 

(*- 

VO 


UE, 1 

3 

(3) 

3 vO 



Ass 

1 

(4) 

(*- 

(0 

V’)) 

Taut, 2 

5 

(5) 

6 



Ass 

1,5 

(6) 

(«-» 

VO 


Taut, 4,5 

1,5 

(7) 

3u (6 

-> 

i>) 

El, 6 

1,3 

(8) 

3v (6 

-*• 

ip) 

EH, 7 

1 

(9) 

(3 vO 

-> 

3v (6 -<• ip)) 

CP, 8 


3 The mistake is in the use of the EH Rule on line 7. In general, the 
variable v will have free occurrences in the formula ip. This formula is 
used as an additional assumption on line 6. So the use of the EH Rule 
to derive line 7 is not legitimate. (On the other hand, there is nothing 
wrong with the use of the EH Rule on line 8, since in this case the 
additional assumption on which line 7 depends, that is, the formula 
3 vcp, does not contain any free occurrences of the variable v.) 
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4 


1 (1) 3xx = 0 Ass 

2 (2) x = 0 Ass 

2 (3) 3yy = 0 El, 2 

1 (4) 3yy — 0 EH,3 

5 Let ip and <p both be the formula v = O', which contains a free 
occurrence of v. Then trivially xp is a logical consequence of <p, as they 
are the same formula. But ip is not a logical consequence of 3v <p. For 
instance, take the standard interpretation JV and give any free 
occurrences of v the value 3. Then 3vv = O' is true (as the occurrence 
of v in this formula is not free, and the formula is true as there is 
indeed a number in N equal to the successor of 0) while v = O' is false, 
because v is being interpreted by 3 rather than 1. 

6 Let (p be the formula \/y v = y and let r be the term y, which is not 
freely substitutable for v in <p. The formula <P(t/v) is then \fyy = y, 
which is true in all interpretations. But 3v<p is the formula 3v\/yv = y 
which is false in the standard interpretation Jf, or indeed in any 
interpretation with a domain consisting of more than one element. 
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